Spammers Have Internal Database Leak Onto The Web

In an #EpicFail moment, notorious spammers River City Media (RCM) has exposed 1.37 billion email addresses after failing to password-protect a remote backup. This was discovered by Chris Vickery who is a security researcher at MacKeeper:

A cooperative team of investigators from the MacKeeper Security Research Center, CSOOnline, and Spamhaus came together in January after I stumbled upon a suspicious, yet publicly exposed, collection of files. Someone had forgotten to put a password on this repository and, as a result, one of the biggest spam empires is now falling.

Additional coverage can be seen over at CSOOnline.

The leaky files, it turns out, represent the backbone operations of a group calling themselves River City Media (RCM). Led by known spammers Alvin Slocombe and Matt Ferris, RCM masquerades as a legitimate marketing firm while, per their own documentation, being responsible for up to a billion daily email sends.

Think about that for a second. How can a group of about a dozen people be responsible for one billion emails sent in one day? The answer is a lot of automation, years of research, and fair bit of illegal hacking techniques. 

I say illegal hacking due to the presence of scripts and logs enumerating the groups’ many missions to probe and exploit vulnerable mail servers.

The game that these spammers were playing goes something like this. RCM gathered its mammoth database from people requesting credit checks, entering prize giveaways and sweepstakes and applying for education opportunities, along with techniques like co-registration in which a person’s info is shared with unnamed affiliates after clicking “submit” or “I agree” on a website. Thus, there’s a very good chance that your e-mail address is likely in this leak.

The good news is that RCM’s spamming days are over. Spamhaus has blacklisted their entire operation. The bad news is that this database has a ton of personally identifiable info. Who knows what hands that is going to end up in.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: