Spam Email Operator Leaked Its Database

A faulty backup forced one of the largest spam operations ever to expose its database of 1.37bn email addresses and personal information such as real names, IP addresses and physical addresses. However, personal details leaked on a smaller scale than the email data.

Security researchers found out that the leaked data originated from an operation dubbed River City Media, an email marketing company sending up to a billion messages to spam filters daily. They believe that the leak presents a tangible threat to online privacy by exposing a database of 1.4bn email accounts along with real names, user IP addresses and often physical addresses. Although the experts couldn’t fully verify the leak, they have found addresses they know are accurate in the database. They also point out that the source of the data is a snapshot of a backup made in January and accidentally published online without any password protection. This turn of events adds more credibility to the leak.

How is this database formed? Of course, people did not choose to sign up for bulk advertisements more than a billion times. More often, they get subscribed via co-registration – when they click on the “I agree” box next to all the small text on a website, without realizing that this action made them agree to share personal details with affiliates of the site.

One anti-spam group has used the information contained in the leak to add River City Media’s details to its database, blacklisting its entire infrastructure. Meanwhile, the leak is so huge that India’s national government initially issued a statement denying that it was the source – until the security researchers released the actual information.