
spam operation exposed after bad back-ups (1.37 billion e-mail addresses)

Bsmith

TLDR:
Chris Vickery discovered a database log consisting of more than 1.37 billion e-mails, some of them linked to physical locations, IPs, and sometimes even complete personal information lists with names and phone numbers.

The database belongs to River City Media (RCM), a company that specializes in creating mailing lists and sending promotional e-mails out to random people, whose behaviour for the mail was tracked and used to separate those who click, view and buy. With that data they would send more mails based on what was predicted to be the most efficient.
The client list of RCM includes companies like Nike, AT&T, Dollar Shave Club and more.

 

[Image: email_list_rcm-100711753-orig.jpg]

Amount of addresses, sorted from highest to lowest.

 

Okay, this is a big one, a really, really big fish. Let's start with the tweet that brought this to my attention.

 

A database leak with so many entries must be big right?

The UK Register was soon at the party with a list of possible companies.

Quote

Vickery, of MacOS security software house MacKeeper, has good form finding breaches: he spotted one involving US Military Special Operations Command healthcare professionals and the Trump-for-president campaign's leaky AWS server.

Speculation as to the identity of the victim is naturally rife and as the size of the breach is huge, the list of candidates is short.

Close to the top of the list is “Aadhaar”, India's biometrics database of its citizens. But the Government of India quashed what it labelled “misinformation in some news items and articles appearing in various print and social media during the last few days” by issuing a statement saying, in part, that there has been “no incident of misuse of Aadhaar biometrics leading to identity theft and financial loss during the last five years.”

The only other nation with the potential for a database to contain 1.37bn identities is China, and it's been busy with the set piece of the National People's Congress over the weekend.

Which brings us to other candidates, namely:

 

Facebook: And wouldn't plenty of folks love to see The Social Network™ take a fall? Is thought to have over 2bn subscribers for its main service, about the same for Messenger and around half that for subsidiary WhatsApp;

 

YouTube: See above for schadenfreude value, but don't get excited as is not thought to have 1.37bn users;

 

WeChat: Chinese chat platform is thought to have 1bn+ users, with a fair few beyond the Middle Kingdom

 

Tencent: Chinese IM platform QQ and social network Qzone are both thought to have over a billion users;

 

Yahoo!: As we discovered last week, Yahoo!'s security processes were dysfunctional and its billion-plus user database has already been raided twice. Bad news comes in threes …

 

Apple: Cupertino has sold a billion iPhones, plus stacks of iPods and Macs. Lots of repeat customers mean it may struggle to hit the 1.37bn identities mark, but Vickery hasn't said they're unique Identities;

 

Microsoft: With more than 2bn PCs in operation, Redmond has data on an awful lot of people. Can't be ruled out. See logic for Apple, too;

 

A data harvesting company: The likes of Oracle, Salesforce and Wayin have colossal databases of individuals and businesses they sell to marketers and others, and claim to have hundreds of millions of records. Can't be discounted.

 

Whoever it is, come Monday US time it looks like plenty of us will be changing passwords and/or deleting accounts. Again.

Source: https://www.theregister.co.uk/2017/03/06/researcher_warns_of_one_point_four_billion_identity_leak/?mt=1488883860219

 

So the players are named, but what was it for real? Yes, for real, but the suspected victims weren't there, so The Register hyped it up too much themselves (oh, media), since it was mostly e-mails only.

Quote

The “1.4 billion identity leak” that was hyped up before the weekend involved, no, not a database ransacking at Facebook, YouTube, or anything that important.

No, instead, a US-based spam-slinging operation accidentally spilled its treasure chest of email addresses used to deluge netizens with special offers, marketing crap and the like.

On Friday, Twitter user Chris Vickery teased world plus dog that he was going public on Monday with news of a massive data breach of 1.37 billion records. And that turned out to be 1.37 billion email addresses amassed by River City Media (RCM) – an internet marketing biz apparently based in Jackson, Wyoming, that claims to emit up to a billion emails a day.

The 200GB table includes real names, email addresses, IP addresses, and "often" physical addresses, it is claimed. Vickery said he "stumbled upon a suspicious, yet publicly exposed, collection of files," and discovered the database and documents related to RCM. Among the millions and millions of contact details were chat logs and files exposing the sprawling RCM empire. It turns out the spamming, er, marketing biz has many tentacles and affiliates, mostly dressed up as web service providers and advertising operations.

"Someone had forgotten to put a password on this repository," Vickery said. The data was, basically, a backup held in a poorly secured rsync-accessible system. It is alleged that chat logs and internal files in the repository show RCM staff discussing Slowloris-like techniques to overload mail servers and persuade the machines to accept hundreds of millions of messages.

It is understood RCM gathers information from people applying for free gifts and online accounts, requesting credit checks, entering prize giveaways, and such things on the internet, or the information is bought from similar info-slurping outfits. Vickery said he managed to confirm that at least a few records were real, although the addresses tended to be out of date. He added that there are a "ton" of combinations of names, military email addresses, and IP addresses.

"I’m still struggling with the best software solution to handle such a voluminous collection, but I have looked up several people that I know and the entries are accurate," wrote Vickery. "The only saving grace is that some are outdated by a few years and the subject no longer lives at the same location."

It's not yet clear how much of the information in the backup is duplicated or accurate. It would be a convincing blow to people's online privacy if this data turns out to be valid and managed to fall into the wrong hands via the insecure rsync system.

RCM did not respond to a request for comment on Vickery's findings. Meanwhile, anti-spam clearing house Spamhaus has blacklisted the organization's entire infrastructure.

source: https://www.theregister.co.uk/2017/03/07/rcm_email_megaleak/

 

[Image: spam_infog-100711829-orig.jpg]

 

Quote

Recorded campaigns exposed by RCM's data breach include large brands such as Nike, LifeLock, Liberty Mutual, Fidelity, MetLife, Victoria's Secret, Kitchen Aide, Yankee Candle, Bath & Body Works, Gillette, Match.com, Dollar Shave Club, Dewalt, DirecTV, Covergirl, Clinique, Maybelline, Terminix, and AT&T.

 

A big, full-length article can be found here; it's a bit too big to post all of it, so for the interested people I recommend reading through it.
http://www.csoonline.com/article/3176433/security/spammers-expose-their-entire-operation-through-bad-backups.html

 

The thing that blows my mind the most is that there is an LMG/LTT sponsor (Dollar Shave Club) on the list.

May the light have your back and your ISO low.
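The Register piece above puts the exposure down to a backup held on an rsync server that nobody had put a password on. As an added example (not from the thread or from any of the quoted articles), this shell audit reads an rsyncd.conf and flags every module exported with no `auth users`/`secrets file` and no `hosts allow`; the sample config is constructed and the module names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit an rsyncd.conf for modules that can be read with no
# authentication and no host allow-list, the kind of misconfiguration that
# exposed the RCM backup. Prints "<module>: <missing settings>" per weak module.
audit_rsyncd_conf() {
    grep -v '^[[:space:]]*[#;]' "$1" | awk '
        function flush() {
            if (mod == "") return
            missing = ""
            if (!("auth users" in seen))   missing = missing " auth-users"
            if (!("secrets file" in seen)) missing = missing " secrets-file"
            if (!("hosts allow" in seen))  missing = missing " hosts-allow"
            if (missing != "") printf "%s:%s\n", mod, missing
        }
        /^[[:space:]]*\[.*\][[:space:]]*$/ {          # [module] header
            flush()
            mod = $0; gsub(/^[[:space:]]*\[|\][[:space:]]*$/, "", mod)
            split("", seen)                            # reset per-module settings
            next
        }
        mod != "" && index($0, "=") > 0 {              # "key = value" inside a module
            key = tolower($0); sub(/[=].*/, "", key)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", key)
            seen[key] = 1
        }
        END { flush() }
    '
}

# Runs the audit over a constructed sample config (not RCM's real config):
# one module exported to anyone, one restricted to an authenticated user
# connecting from an allow-listed network.
sample_weak_modules() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
uid = nobody
[backups]
    path = /srv/backups
    read only = yes
    comment = nightly database dumps, readable by anyone who connects
[backups-secure]
    path = /srv/backups
    read only = yes
    auth users = backupbot
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.0.0.0/8
EOF
    audit_rsyncd_conf "$tmp"
    rm -f "$tmp"
}
```

Running `sample_weak_modules` reports only the `backups` module; the hardened module passes all three checks.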


I read about this earlier, pretty wicked.

Details separate people.


4 minutes ago, Bojamijams said:

so now what happens?

 

Probably not much in general, but the source also claims that RCM used "warm-up accounts"* to get their data collection started, which goes against the TOS of all major mail services and falls under the fraud category, so who knows what legal battle might happen. Depending on where they have been active, it might have been just over the edge of the law.

 

*Accounts used to start data collection: computer generated and only used to collect information for the campaign.

May the light have your back and your ISO low.


2 hours ago, Bsmith said:
Quote

Recorded campaigns exposed by RCM's data breach include large brands such as Nike, LifeLock, Liberty Mutual, Fidelity, MetLife, Victoria's Secret, Kitchen Aide, Yankee Candle, Bath & Body Works, Gillette, Match.com, Dollar Shave Club, Dewalt, DirecTV, Covergirl, Clinique, Maybelline, Terminix, and AT&T.

 

A big, full-length article can be found here; it's a bit too big to post all of it, so for the interested people I recommend reading through it.
http://www.csoonline.com/article/3176433/security/spammers-expose-their-entire-operation-through-bad-backups.html

 

The thing that blows my mind the most is that there is an LMG/LTT sponsor (Dollar Shave Club) on the list.

It should be noted that the full article doesn't say that those companies paid to have spam sent in their name, they paid advertising companies to put adverts online, and those advertising companies then (potentially through more layers of indirection) paid RCM to send spam, as I understand it. The article seems to imply, though I'm not sure I entirely believe it, that the companies were unaware that the spam was being sent.

HTTP/2 203


2 minutes ago, colonel_mortis said:

It should be noted that the full article doesn't say that those companies paid to have spam sent in their name, they paid advertising companies to put adverts online, and those advertising companies then (potentially through more layers of indirection) paid RCM to send spam, as I understand it. The article seems to imply, though I'm not sure I entirely believe it, that the companies were unaware that the spam was being sent.

It is quite hard to find out what they exactly mean, but I guess that's a piece of information that they (the poster of the source) either want to keep back for now or don't know themselves yet.

May the light have your back and your ISO low.
