Database of 1.37 Billion Email Addresses found as World’s Largest Spam Network Exposed

The world’s largest spam network has been exposed, and along with it, a huge database of more than 1.37 billion email addresses, names, addresses, and IP addresses. The database was exposed due to an error made during a backup. The company responsible for the operation is the email marketing firm River City Media – a legitimate email marketing company that uses some decidedly unsafe email marketing practices.

According to MacKeeper researchers, the company behind the massive spamming campaigns was sending up to one billion spam email messages on a daily basis. However, due to the leak, life is likely to get a lot more difficult for the email marketing firm. Its entire infrastructure has now been added to the spamming blacklist managed by Spamhaus, the world leader in providing up-to-the-minute threat intelligence on email spam and related spamming activity.

The company did not configure their Rsync backups correctly, resulting in those backups being available online without any requirement for a password. The database was noticed by MacKeeper security researcher Chris Vickery.
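The article does not give the company's actual Rsync configuration. As an added example (not from the article or from any party it names), the following audit checks an `rsyncd.conf` for the condition described above: modules that can be read without a password or from any address. The sample configuration is constructed, and the parser is simplified (no line continuations or include directives).

```python
# Added example: flag rsync daemon modules that are reachable without a password.
# Assumptions: simplified rsyncd.conf parsing; 'hosts deny' rules are not evaluated.

SAMPLE_CONF = """\
# constructed sample, not taken from any real host
uid = nobody
[backups]
    path = /srv/backups
    read only = yes
[archive]
    path = /srv/archive
    auth users = backupsvc
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.0.0.0/8
"""

def _key(name):
    # Whitespace inside rsyncd.conf parameter names is not significant.
    return "".join(name.split()).lower()

def parse_rsyncd_conf(text):
    """Return (global_params, {module_name: params})."""
    global_params, modules = {}, {}
    current = global_params
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            name, value = line.split("=", 1)  # only the first '=' is significant
            current[_key(name)] = value.strip()
    return global_params, modules

def audit(text):
    """Map each weakly protected module to a list of findings."""
    global_params, modules = parse_rsyncd_conf(text)
    findings = {}
    for name, params in modules.items():
        effective = {**global_params, **params}  # global values act as defaults
        issues = []
        if not effective.get("authusers"):
            issues.append("no 'auth users': anonymous access, no password required")
        if not effective.get("hostsallow"):
            issues.append("no 'hosts allow': not limited to known client addresses")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for module, issues in audit(SAMPLE_CONF).items():
        print(f"[{module}] " + "; ".join(issues))
```
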

The revelation that such a large database had been obtained was massive. In fact, it even drew a response from the Indian government, which felt it necessary to distance itself from the source of the leak. The Indian government’s federal ID system is one of a very small number of databases that store that number of records.

The number of records in the database is so vast that almost everyone who uses email would either be on the list or would know someone who is.

According to Vickery, various tactics are used to obtain the email addresses. He stated that “credit checks, education opportunities, and sweepstakes,” are typically used, as are legitimate marketing campaigns from major brands. Users divulge their email addresses during these campaigns in order to be sent a free gift, special offer, or an online service. Hidden away in the terms and conditions, which few people read, is confirmation that the information collected will be shared with marketing partners. Those marketing partners then send addresses to their partners, and their partners’ partners, and so on. Before long, the email addresses will be made available to a great many cybercriminals.

When hackers use those addresses, there is a good chance that the domains used for sending the marketing messages will be restricted. To avoid this, companies such as RCM use warm-up accounts to share their campaigns.

New campaigns are first sent to the warm-up accounts, and once they do not generate complaints, the sender of the emails is labelled as a good sender. With a good reputation, the cybercriminals are able to scale up their operation and send out billions of messages. If at any point messages start to be rejected or complaints start to be registered, the domain is dropped and the process begins again. That way, RCM is able to bypass spam filtering controls and go on sending messages.

A detailed insight into the world’s biggest hacking spam operation and the tactics used to share spam messages has been released by CSO Online, which worked with Vickery, MacKeeper, and Spamhaus following the discovery of the huge database.


Posted by

Elizabeth Hernandez

Elizabeth Hernandez is a news writer on Defensorum. Elizabeth is an experienced journalist who has worked on many publications for several years. Elizabeth writes about compliance and the related areas of IT security breaches. Elizabeth has a focus on data privacy and secure handling of personal information. Elizabeth has a postgraduate degree in journalism. Elizabeth Hernandez is the editor of HIPAAZone. https://twitter.com/ElizabethHzone