Many of the massive data breaches you’ve read about over the past few years are the result of incredibly sophisticated hacking — the infamous Yahoo! incidents, for example. There are other ways data leaks out that are incredibly un-sophisticated. Sometimes all it takes is someone careless when setting up a backup.
That’s what led to security researchers Chris Vickery and Steve Ragan stumbling onto a database that contained 1.4 billion records. The data was left completely exposed to anyone who happened to be poking around. It wasn’t even secured by a username or password.
The data, Vickery says, was served up on a platter by “a group calling themselves River City Media.” RCM, he continues, was “responsible for up to a billion daily email sends” every day. In addition to spilling over a billion email addresses (and, in some cases, physical addresses), the leak exposed numerous documents that revealed the inner workings of RCM’s spam operation.
Some of those documents show just how profitable spamming can be. One leaked text references a single day of activity that targeted Gmail users with 18 million emails and AOL users with another 15 million. The total take: around $36,000.
How does a group that’s reportedly made up of about 12 individuals amass a mailing list with 1.4 billion addresses and send tens of millions of emails in a single day? Through “automation, years of research, and fair bit of illegal hacking techniques,” Vickery states. It’s also not uncommon for spammers to share their databases or harvest email addresses when hackers dump them online.
That might explain how you end up on mailing lists that try to sell you everything from generic drugs to car loans. Even if you’re extremely careful about giving out your primary email address all it takes is one legitimate service you registered for being hacked and you’re sunk.
Source: SANS ISC SecNewsFeed @ March 6, 2017 at 09:55AM