Spammers leak 1.4bn email accounts mapped to real names
A large-scale spamming company left its database of 1.4 billion email accounts - with full names and IP addresses - exposed to the internet, creating one of the biggest privacy violations in history. MacKeeper security researcher Chris Vickery said that in January this year he found, by accident, a segment of database and other file backups that hadn't been protected by passwords.
The files in question are related to a spamming firm called River City Media run by Americans Alvin Slocombe and Matt Ferris. Both Slocombe and Ferris are listed by anti-spam nonprofit The Spamhaus Project, and are associated with other bulk email operations.
Vickery noted that the database contains many military email accounts plus the full names and IP addresses of their owners.
Many of the email accounts were mapped to physical addresses as well. Vickery believes they were gathered when users registered on websites which secretly shared these details with spammers.
Other tricks used by the spammers and their affiliates to collect information included credit checks, education opportunities and lottery offers, Vickery said.
“Imagine the privacy and legal implications here,” he said.
“Law enforcement agents normally have to go through a subpoena process before a service provider will hand over the name behind an IP address or account. This list maps out 1.4 billion.”
Besides the email accounts, Vickery found log files from Atlassian Hipchat sessions, business details and accounts, domain registrations and information on who the spammers are cooperating with.
The database is approximately 223 gigabytes in size. River City Media is believed to have sent out over a billion spam emails a day.
Vickery said the size of the database made it difficult to verify if the information it contained was genuine.
“I’m still struggling with the best software solution to handle such a voluminous collection, but I have looked up several people that I know and the entries are accurate. The only saving grace is that some are outdated by a few years and the subject no longer lives at the same location,” he wrote.
Many of the email accounts were registered by the spammers themselves to bypass anti-spam measures.
These are used as “warm up” accounts, to receive spam without generating complaints.
This tricks the recipient email system’s anti-bulk email algorithm into believing the spam is a genuine message, which in turn improves the senders’ reputation, making them less likely to be blacklisted and blocked.
Other measures for defeating spam blockers include using “aged domains” with older registrations that are more trusted than newer ones, and a “Slow Loris” technique to open up a large number of connections against Google’s Gmail servers to force them to process bulk email.
Vickery said he notified police about River City Media and the information breach, along with major internet companies affected by the spamming such as Google, Yahoo and Microsoft.