Forget the Yahoo Hacks, 1.4Bn Emails Exposed by Careless Spammers

Spammers RCM data leak

If you thought the Yahoo hacks that compromised 1.5 billion accounts was an act of carelessness on the part of Yahoo, then how about this? One of the world’s biggest spammers ‘left the door open’ on 1.4 billion data records because they didn’t secure a remote backup with a password.

So, if that massive database wasn’t hacked, then how were these records exposed? It was discovered by Chris Vickery, a security researcher for MacKeeper. The data leak was the result of a failed rsync, or a remote backup.

Apparently, the data has been sitting for “months” on an exposed server, and gave Vickery access to not only the massive email list, but also the company’s chat logs and emails.

Who leaked the data? River City Media, an email marketing service provider, has been collecting these bits of data through “automation, years of research, and fair bit of illegal hacking techniques,” says Vickery.

At peak activity, RCM was sending about a billion emails a day, fragmenting their traffic so Gmail servers would send out their spam emails on time. And some of their activities have been quite lucrative, apparently. In a leaked text that refers to a single day’s activity, 18 million emails were sent to Gmail users and another 15 million spam mails were sent to AOL users. The effort netted RCM $36,000 – not bad for a day’s work.

Of course, whatever RCM is doing on the spamming front is considered illegal activity, including the way their acquire some of their data. Vickery hopes that law enforcement officials will put RCM out of business:

“I found an rsync server on port 873 that they had not put any password or security of any sort on and it has led to he downfall of a criminal enterprise. I’m hoping that they’ll be out of business soon but that would largely depend on actions by law enforcement. If you’re sitting behind bars it’s hard to spam.”




If you’ve ever wondered why you get so much spam, you can blame it on companies like RCM. It doesn’t matter whether your email ID was hacked or not. Even registering for a site online, and that site being hacked, puts you at risk.

But the exposure of RCM’s data does have a positive twist to it. It has given experts tremendous insight into how spammers work at the highest levels. Although RCM has long been on the ROKSO, or Register of Known Spam Operations, their methods reveal clever subterfuge to fool spam-blocking systems of even major email providers like Google.

Moreover, the company has used more than 2,000 IP addresses to send out emails and marketing campaigns on behalf of well-known brands like Nike, Gillette, Victoria’s Secret, AT&T and several more.




Though these companies may not have been aware that their marketing was being done by spammers, it’s very likely that the job was assigned to RCM by legitimate marketing firms contracted by these brands.

By no means is this going to put an end to spam emails. As Vickery says: “This, in the end, is a major victory in an ongoing war.” Vickery has also committed to talking to Google, Microsoft and Yahoo about scripts that “for all sorts of nefarious things that may or may not be patched already.”

Thanks for reading our work! Please bookmark 1redDrop.com to keep tabs on the hottest, most happening tech and business news from around the world. On Apple News, please favorite the 1redDrop channel to get us in your news feed.

Source 1 | Source 2