CIO Today HOME LATEST NEWS NEWSLETTERS SEARCH Search
  LATEST NEWS FOR TUESDAY MARCH 28

Close Search Box
CIO Today
DATA SECURITY
Spam E-Mail Operator's Faulty Backup Leaks 1.37 Billion Addresses
Posted March 6, 2017
Spam E-Mail Operator's Faulty Backup Leaks 1.37 Billion Addresses
Next Story
EARLIER
Internet of Things Security: Not Just a CIO's Job
THIS STORY
Spam E-Mail Operator's Faulty Backup Leaks 1.37 Billion Addresses
Next Story
LATER
Security Fail: Hackers Drawn to Energy Sector's Lack of Controls
YOU ARE HERE:   HOME arrow DATA SECURITY arrow THIS STORY
NEWS OPS

By Alex Hern. Updated March 6, 2017 9:44AM

SHARE

ALSO SEE

One of the largest spam operations in the world has exposed its entire operation to the public, leaking its database of 1.37 billion email addresses thanks to a faulty backup.

As well as email addresses, the holy grail of the spam operation, personal information including real names, IP addresses and physical addresses have also been leaked, though on a smaller scale than the email information that makes up the bulk of the dataset.

According to security researchers at MacKeeper, the leaked information stems from an operation called River City Media, an email marketing firm that sends up to a billion messages a day to spam filters across the world.

"The situation presents a tangible threat to online privacy and security as it involves a database of 1.4bn email accounts combined with real names, user IP addresses, and often physical address," said MacKeeper's Chris Vickery. "Chances are that you, or at least someone you know, is affected."

Vickery hasn't managed to fully verify the leak, but says he has found addresses he knows are accurate in the database. And the source of the data, a snapshot of a backup made at some point in January 2017, accidentally published to the internet without any password protection, adds more credibility to the leak.

"Well-informed individuals did not choose to sign up for bulk advertisements over a billion times," Vickery says. "The most likely scenario is a combination of techniques. One is called co-registration. That's when you click on the 'Submit' or 'I agree' box next to all the small text on a website. Without knowing it, you have potentially agreed your personal details can be shared with affiliates of the site."

Anti-spam organisation Spamhaus, working alongside MacKeeper and Vickery, has used the information contained in the leak to add River City Media's details to its database, blacklisting the firm's entire infrastructure.

The breach is so large that when Vickery initially reported that he had access to a leaked dataset containing 1.4bn records, India's national government issued a statement denying that it was the source -- the country's federal ID system is one of the few databases in the world containing more than a billion individuals, and speculation ran rampant until Vickery released the actual information.

© 2017 Guardian Web syndicated under contract with NewsEdge/Acquire Media. All rights reserved.

Tell Us What You Think
Comment:

Name:

MORE IN DATA SECURITY

Next Article >

INSIDE CIO TODAY NETWORK SITES SERVICES BENEFITS