Slashdot Mirror

← Back to Stories (view on slashdot.org)

Huge Database Leak Reveals 1.37 Billion Email Addresses and Exposes Illegal Spam Operation (betanews.com)

Posted by msmash on from the boom dept.

One of the largest spam operations in the world has exposed its entire operation to the public, leaking its database of 1.37bn email addresses thanks to a faulty backup. From a report: A faulty backup has inadvertently exposed the entire working database of notorious spam operator River City Media (RCM). In all, the database contains more than 1.37 billion email addresses, and for some records there are additional details such as names, real-world addresses, and IP addresses. It's a situation that's described as "a tangible threat to online privacy and security." Details about the leak come courtesy of Chris Vickery from macOS security firm MacKeeper who -- with a team of helpers -- has been investigating since January. River City Media's database ended up online thanks to incorrectly-configured Rsync backups. In the words of Vickery: "Chances are you, or at least someone you know, is affected." The leaked, and unprotected, database is what's behind the sending of over a billion spam emails every day -- helped, as Vickery points out, by "a lot of automation, years of research, and fair bit of illegal hacking techniques." But it's more than a database that has leaked -- it's River City Media's entire operation.

14 of 141 comments (clear)

  1. Source article by Anonymous Coward · · Score: 5, Informative

    Vickery's own writeup is here.

  2. Can someone post a download link? by downright · · Score: 3, Interesting

    I want to see if I'm on it. Yeah. That's why. Just Kidding. :-)

  3. Re:They seem to have "inside" contacts. by Zocalo · · Score: 3, Funny

    Or maybe they just have an intrusion detection system and Vickery or one of his helpers tripped over it while exfiltrating the data. Hopefully they've got enough for law enforcement to identify at least some of those involved and, ultimately, send them for a lengthy stay somewhere where they need to worry about unsolicited male.

    --
    UNIX? They're not even circumcised! Savages!
  4. Re:Redundant by Obfuscant · · Score: 5, Informative

    You signed up for it when you bought a product or made an inquiry on their site and did not uncheck a box that signed you up for them most-likely.

    That's the lie every spammer uses to justify their garbage. De-selecting the "send me all kinds of email about stuff I don't want" checkbox does nothing.

    If you're still getting it you're just too lazy to unsubscribe.

    I SHOULD NOT HAVE TO UNSUBSCRIBE FROM JUNK EMAIL LISTS THAT I DID NOT SUBSCRIBE TO IN THE FIRST PLACE. THE FIRST PIECE OF SPAM IS STILL SPAM.

  5. Send everyone an email to let them know by jfdavis668 · · Score: 4, Funny

    Download the database, and keep email everyone on the list that they are subject to spam emails. Do this every night to make sure they know. Add a few ads to help pay for the project.

  6. Re:BetaNews? by b0bby · · Score: 3, Informative

    The indignant AC didn't post the link, but I assume it's this one:
    http://www.csoonline.com/artic...
    And yeah, it's a way better article.

  7. Re:Redundant by SeaFox · · Score: 3, Informative

    Spam is UNWANTED e-mail.

    No, spam is UNSOLICITED commercial email. When you did whatever action you did on their site to receive it, you solicited them to send it to you as part of it. True spam is from companies you never heard of and never had a business relationship with.

  8. Re:Redundant by Obfuscant · · Score: 5, Insightful

    that doesn't mean it isn't a legitimate justification for a lot of commercial email.

    It is not a legitimate excuse for the commercial email I receive based on such lies. I ALWAYS uncheck this "pre-selected opt-in" (an oxymoron), and the spammer ALWAYS tells me that I opted-in.

    If I order a pizza on PizzaHut.com, and next week Pizza Hut sends me an email with their weekly special offers, that isn't spam.

    Yes, it is. Unsolicited commercial junk email. UCE. BY DEFINITION.

    Spam is all the completely unsolicited boner pills, home mortgage, weight loss, and other garbage coming from randos who bought or harvested my email address somewhere,

    Spam is not defined by topic. It is defined by UNSOLICITED COMMERCIAL EMAIL. Yes, there are many sources of spam. The fact that you bought a pizza at Pizza Hut does not excuse their unsolicited commercial email, which is spam.

  9. Re:Redundant by nukenerd · · Score: 5, Insightful

    Spam is UNWANTED e-mail.

    No, spam is UNSOLICITED commercial email. When you did whatever action you did on their site to receive it, you solicited them to send it

    Bullshit. My "action" is to buy something online (it is getting hard to find some types of stuff any other way). Buying something is not "soliciting" for email adverts for ever after.

    Anyway, I use disposable email addresses for purchasing. After it's delivered, I turn off the address and their spam is going into a black hole somewhere, not even as far as my spam directory. But I can look at the stats and see that some companies I have bought from (including a gardening supplier I bought a $10 item from 5 years ago) have sent me thousands of emails - a situation that is ridiculous

  10. Are you affected? by andrewa · · Score: 4, Funny

    Just provide the following details and we will search the leaked database to determine if your details are compromised.

    First Name:
    Last Name:
    Email:
    Phone:
    SSN:

    [Submit]

    --
    :(){ :|:& };:
  11. Re:Redundant by JoeMerchant · · Score: 4, Informative

    In the 1990s, any acknowledgment of a spam e-mail was an invitation to more SPAM.

    Lately, the unsubscribe links mostly work pretty well. I've been able to maintain the same address for 20 years now and it's still usable, sure it gets SPAM, but with billions of legitimate SPAM targets on the planet today, just knowing that the address is legit isn't enough to make it attractive anymore.

    Also, there are some penalties for not handling "unsubscribe" requests properly, never looked into enforcement and collection, but I'm sure some people have.

  12. Re:Redundant by sit1963nz · · Score: 3, Interesting

    It took me over 2 years to get off one hotel chains spam list even though I ticked "DO NOT email me offers"

    Now I have a spam email address I use for all hotels , real estate agents, etc etc etc that fits into the format of x.x.xspamtrap@gmail.com
    so they KNOW its a spam trap
    Some have complained that its not a real address, it is, but anything that ends up there is automatically deleted, I never see any of it, and they get told this
    I am more than happy to show them on my phone that its real, but worthless.

  13. Re:Redundant by Obfuscant · · Score: 4, Informative

    use "PizzaHut+mymail@gmail.com" now you have a unique one for them that you can block off at any time.

    You don't need to block it off, it will be sent to someone else who already has the "pizzahut@gmail.com" address, with the added benefit of telling them who is using their address to sign up for pizzahut spam.

    Try "mymail+pizzahut@gmail.com".

    Thanks to everyone who thinks I need to know how to avoid this spam, but I already do. I am well aware and a long time user of RFC5233 addressing.

  14. Re:Redundant by afidel · · Score: 3, Informative

    other way around, myemail+pizzahut@gmail.com

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.