Spammers Have Internal Database Leak Onto The Web

In an #EpicFail moment, notorious spammers River City Media (RCM) have exposed 1.37 billion email addresses after failing to password-protect a remote backup. This was discovered by Chris Vickery, who is a security researcher at MacKeeper:

A cooperative team of investigators from the MacKeeper Security Research Center, CSOOnline, and Spamhaus came together in January after I stumbled upon a suspicious, yet publicly exposed, collection of files. Someone had forgotten to put a password on this repository and, as a result, one of the biggest spam empires is now falling.

Additional coverage can be seen over at CSOOnline.

The leaky files, it turns out, represent the backbone operations of a group calling themselves River City Media (RCM). Led by known spammers Alvin Slocombe and Matt Ferris, RCM masquerades as a legitimate marketing firm while, per their own documentation, being responsible for up to a billion daily email sends.

Think about that for a second. How can a group of about a dozen people be responsible for one billion emails sent in one day? The answer is a lot of automation, years of research, and a fair bit of illegal hacking techniques.

I say illegal hacking due to the presence of scripts and logs enumerating the group’s many missions to probe and exploit vulnerable mail servers.

The game that these spammers were playing goes something like this. RCM gathered its mammoth database from people requesting credit checks, entering prize giveaways and sweepstakes, and applying for education opportunities, along with techniques like co-registration, in which a person’s info is shared with unnamed affiliates after clicking “submit” or “I agree” on a website. Thus, there’s a very good chance that your e-mail address is in this leak.

The good news is that RCM’s spamming days are over. Spamhaus has blacklisted their entire operation. The bad news is that this database has a ton of personally identifiable info. Who knows what hands that is going to end up in.
