1.3 billion records leaked: spam operator suffers data breach

After a weekend of speculation, River City Media (RCM), an “illegal spam operation”, was revealed to be the victim of a data breach that affected a staggering 1.37 billion email accounts.

The company reportedly masquerades as a legitimate marketing firm while sending up to a billion spam emails a day, as its own documentation attests.

The data from this operation was discovered by ‘data breach hunter’ Chris Vickery, a security researcher for MacKeeper, who first teased the leak on Friday. Vickery credits fellow MacKeeper researchers, CSOOnline and Spamhaus for assisting in the investigation.

The information was exposed to the public after RCM failed to properly configure its rsync backups.
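The article says only that RCM's rsync backups were not "properly" configured, not how. The following is an added example, not code from the article, Vickery, MacKeeper or RCM, and it assumes one common failure mode for rsync daemons: a module exported in rsyncd.conf with no `hosts allow` and no `auth users`, so that anyone who can reach the daemon's port can pull the data. The script audits an rsyncd.conf for exactly that, using a constructed sample configuration that has one weak module beside a hardened one.

```python
"""Audit an rsyncd.conf for modules exported without access controls.

Added defender-side example; the failure mode it checks for (an rsync module
with no host or user restriction) is an assumption, not something the article
states about RCM's setup.  rsyncd.conf is INI-like: global parameters come
first, then one [module] section per export.  Module parameters may also be
set globally, in which case they act as defaults for every module.
"""

# Constructed sample configuration: "backups" is wide open, "hardened-backups"
# restricts source network, requires a user and is read-only and unlisted.
SAMPLE_RSYNCD_CONF = """\
# global parameters
uid = nobody
gid = nogroup
use chroot = yes

[backups]
path = /srv/backups
comment = nightly dumps
read only = no

[hardened-backups]
path = /srv/backups
read only = yes
list = no
hosts allow = 10.0.0.0/24
auth users = backupuser
secrets file = /etc/rsyncd.secrets
"""


def parse_rsyncd_conf(text):
    """Return (globals, {module_name: {param: value}}) from rsyncd.conf text.

    Keys are lower-cased; blank lines and '#'/';' comments are skipped, as
    are lines without '='.  Values are kept verbatim.
    """
    globals_, modules = {}, {}
    current = globals_
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        current[key.strip().lower()] = value.strip()
    return globals_, modules


def effective(globals_, params, key, default=""):
    """Module value, falling back to the global section, then to a default."""
    return params.get(key, globals_.get(key, default)).strip().lower()


def audit_rsyncd_conf(text):
    """Map each module name to a list of findings (empty list = no findings)."""
    globals_, modules = parse_rsyncd_conf(text)
    report = {}
    for name, params in modules.items():
        findings = []
        # No 'hosts allow' means every source address is accepted.
        if not effective(globals_, params, "hosts allow"):
            findings.append("no network restriction (hosts allow)")
        # No 'auth users' means anonymous access to the module.
        if not effective(globals_, params, "auth users"):
            findings.append("no authentication (auth users)")
        elif not effective(globals_, params, "secrets file"):
            findings.append("auth users set without secrets file")
        # rsync defaults 'read only' to yes; an explicit 'no' allows uploads.
        if effective(globals_, params, "read only", "yes") != "yes":
            findings.append("writable module (read only = no)")
        # rsync defaults 'list' to yes, so the module shows up in listings.
        if effective(globals_, params, "list", "yes") == "yes":
            findings.append("module advertised in listings (list = yes)")
        report[name] = findings
    return report


if __name__ == "__main__":
    for module, findings in audit_rsyncd_conf(SAMPLE_RSYNCD_CONF).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"[{module}] {status}")
```

Pointing the script at a real daemon configuration (read the file and pass its text to `audit_rsyncd_conf`) flags every module that can be read or written by arbitrary hosts; the network restriction should still be enforced with a firewall as well, since `hosts allow` is only checked by the daemon itself.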

Data breach hunter

The leak was first identified by Vickery last Friday. In a tweet, he revealed that 1.4 billion records would be leaked by Monday morning.

In a follow-up message, he offered a teaser screenshot of the database’s summary data, which showed the number of identities was 30 million fewer than his original announcement – a ‘mere’ 1.37 billion.

Vickery had discovered what CSOOnline called “everything”:

From Hipchat logs and domain registration records, to accounting details, infrastructure planning and production notes, scripts, and business affiliations. In addition, Vickery uncovered 1.34 billion email accounts. These are the accounts that receive spam, or what RCM calls offers.

CSOOnline adds that some of these records also contained personal information, such as full names, physical addresses and IP addresses.

The identity of the breached company had been subject to rampant speculation since Vickery’s tease on Friday, with the size of the breach appearing to limit the potential candidates to a handful of names. River City Media was not on most people’s radar; the likely candidates included Facebook, YouTube, Apple, Microsoft, Yahoo and data harvesting companies such as Oracle, Salesforce and Wayin. Aadhaar, India’s biometrics database of its citizens, was also considered, as were mainstream Chinese social media companies that have over 1 billion users.

The unexpected nature of this breach has caught many off guard. CSOOnline writes that, because so much data has come to light – perhaps most significantly, the internal workings of an enormous spam and illegal hacking operation – it has not been able to fit everything into a single story.

There will be more information to follow.

Subscribe to the Daily Sentinel for updates on this story and all the latest cyber security news.