An unprotected global database containing the personal records of over 2M Australians and over 1.4 Billion global customers has been stumbled on by a US data protection group.
According to officials this was one of the largest spam operations in the world who has been exposed due to a faulty backup.
As well as email addresses, the holy grail of the spam operation, personal information including real names, IP addresses and physical addresses have also been leaked, though on a smaller scale than the email information that makes up the bulk of the dataset.
According to Mackeeper, Chris Vickery and Steve Ragan of CSO Online stumbled on the database that contained 1.4 billion records.
The data was left completely exposed to anyone who happened to be poking around. They claim it wasn’t even secured by a username or password.
According to Vickery the data was accessible via “a group calling themselves River City Media.” Vickery said that RCM, was sending out up to a billion daily emails every day in an effort to fleece consumers.
Also exposed was numerous documents that revealed the inner workings of RCM’s spam operation which ChannelNews has been told has now been shut down.
One leaked text references a single day of activity that targeted Gmail users with 18 million emails and AOL users with another 15 million. The total take was around $36,000.
“The situation presents a tangible threat to online privacy and security as it involves a database of 1.4bn email accounts combined with real names, user IP addresses, and often physical address,” said MacKeeper’s Chris Vickery. “Chances are that you, or at least someone you know, is affected.”
Vickery hasn’t managed to fully verify the leak, but says he has found addresses he knows are accurate in the database. And the source of the data, a snapshot of a backup made at some point in January 2017, accidentally published to the internet without any password protection, adds more credibility to the leak.
ChannelNews has contacted the security Company to try and get a copy of the Australians listed on the database.
Anti-spam organisation Spamhaus, working alongside MacKeeper and Vickery, has used the information contained in the leak to add River City Media’s details to its database, blacklisting the firm’s entire infrastructure.
Some have speculated that the data came from India where several leading Australian Companies have call centres.
