That big scary 1.4bn leak was basically nothing but email addresses (The Register)

The “1.4 billion identity leak” that was hyped up before the weekend involved, no, not a database ransacking at Facebook, YouTube, or anything that important.

No, instead, a US-based spam-slinging operation accidentally spilled its treasure chest of email addresses used to deluge netizens with special offers, marketing crap and the like.

On Friday, Twitter user Chris Vickery teased world plus dog that he was going public on Monday with news of a massive data breach of 1.37 billion records. And that turned out to be 1.37 billion email addresses amassed by River City Media (RCM) – an internet marketing biz apparently based in Jackson, Wyoming, that claims to emit up to a billion emails a day.

Some of the records include real names, IP addresses, and physical addresses, it is claimed. Vickery said he “stumbled upon a suspicious, yet publicly exposed, collection of files,” and discovered they related to RCM. Among the millions and millions of contact details were chat logs and internal documents exposing the sprawling RCM empire. It turns out the spamming, er, marketing biz has many tentacles and affiliates, mostly dressed up as web service providers and advertising operations.

“Someone had forgotten to put a password on this repository,” Vickery said. The data was, basically, a backup held in a poorly secured rsync-accessible system. It is alleged that chat logs and internal files in the repository show RCM staff discussing Slowlaris-like techniques to overload mail servers and persuade them to accept hundreds of millions of messages.

It is understood RCM gathers its information from people applying for free gifts and online accounts, requesting credit checks, entering prize giveaways, and such things on the internet, or the information is bought from similar info-slurping outfits. Vickery said he managed to confirm that some of the data was real, although the addresses tended to be out of date.

RCM did not respond to a request for comment on Vickery’s findings. Meanwhile, anti-spam clearing house Spamhaus has blacklisted the organization’s entire infrastructure. ®

Source: SANS ISC SecNewsFeed @ March 6, 2017 at 08:39PM