Recently, a spam company used a number of tricks to accumulate a database of 1.4 billion e-mails, IP addresses, names, and even physical addresses of users. Now all this is circulating on the internet after a backup leak.
1.4 Billion Email Addresses & User Details Found Online As Spammers’ Backups Leak
A spam company used a number of tricks to accumulate a database of 1.4 billion e-mails, IP addresses, names, and even physical addresses of users. Now all this is circulating on the internet after a backup leak.
Security researcher Chris Vickery found the data and confirmed the veracity of them. According to him, River City Media (RCM) obtained e-mail addresses and other data offering sweepstakes, credit analysis and online educational materials.
In addition, security researcher Chris Vickery was also able to get data from other digital marketing companies through something called co-registration: that’s when you fill out a form and click “Submit” agreeing that your personal details can be shared with “selected partners.”
RCM was also responsible for an astounding amount of spam: according to the leaked documents, they sent a billion messages a day. The company had an arsenal of scripts that listed, probed, and attacked e-mail servers.
Vickery explains that one of the tactics used was the Slowloris attack. Basically, the company opened as many connections as possible between it and a Gmail server, and sent packages extremely slowly and fragmented, while requesting more connections.
So when the Gmail server was almost ready to give up and cancel all connections, RCM would suddenly fire as many emails as possible. This overhead caused the sender to be blocked, but not before several messages were processed and sent.
According to Vickery, RCM suffered a massive data leak due to an unprotected Remote Sync directory. The backups of the company were circulating through the internet, and it only detected the problem one month after the occurrence.
However, the security researcher forwarded the relevant details to the tech giant Microsoft, Apple and government agencies. Now it is to be hoped that this will reduce the amount of spam circulating the world. Spamhaus, a non-profit organization, specializing in combating unwanted messages, has blacklisted the entire infrastructure of RCM.