Database of 1.4 Billion Emails, Addresses Compromised from Spam Network

A database of more than a billion email addresses has been leaked online. The discovery of the database was made by Chris Vickrey, who reported his findings on CSO Online, a security publishing organisation.

Image Source: CSO Online – Partial list of alleged opt-in addresses.


According to  reports Vickery highlighted that the leaked email addresses are the property of a company called River City Media, a marketing company. Vickery also says that its employees, Matt Ferris and Alvin Slocombe, were the ones to pull this off – accidentally – and that they are well-known spammers.


However, Vickery states that the large data dump was discovered when he stumbled across a large collection of files that were laid out in the open. He says they had no password protection on them – meaning anyone could have accessed the list. The list consists of more than 1.3 billion email accounts, which consisted of complete names, physical addresses and IP addresses.

Furthermore, Vickery also told CSO Online that many of the other files he discovered contained River City Media’s internal records, such as office chat logs, websites’ registrations details, financial information and notes related to production.

Vickery says the most interesting thing he discovered was the cache of leaked emails. He says because of further investigations it he concluded that many of the email addresses were gathered through credit check offers, co-registration, sweepstakes and other techniques. Therefore, the analysis showed that the River City Media Company was sending out more than a billion spam emails on a daily basis.

He also told CSO Online about the techniques that River City Media employed to counter anti-spam solutions that were used by the owner of the email. For instance, the River City Media created many fake emails, which were created by them. They would send emails to their fake accounts or warm-up accounts, as Vickery calls them. Once sent to the millions of warm-up accounts, the spam emails were marked as safe. They were ‘washed’ and once they ready, River City Media would ‘email’ them to the rest of the world.

Vickrey also shared his findings with an international non-profit organisation called Spamhaus. The NGO’s goals are to track spammers and other related cyber crimes. The NGO is known for maintaining a database of companies that are spammers, and River City Media along with its entire infrastructure is now a part of that list.

Vickery stated that the leaked database of more than a billion emails is a complex threat to the users that poses a threat to both their online lives and real lives as well.

Image Source: CSO Online – A brief overview of RCM’s operations.


Add a Comment

Your email address will not be published. Required fields are marked *