A back-up of almost 1.4bn email addresses, as well as far more detailed user information, has been leaked after a company’s lack of security was exposed.
River City Media (RCN), a company that sends hundreds of millions of emails a day under the premise of marketing, has just messed up.
A back-up file containing personal information on 1.37bn accounts has been discovered, revealing, in certain cases, complementary information including real names, IP addresses and physical addresses.
Though the source of the leak has yet to be confirmed, the person who discovered it, Chris Vickery of MacKeeper, claims that some people he looked up in the database are accurately logged.
“The situation presents a tangible threat to online privacy and security as it involves a database of 1.4bn email accounts combined with real names, user IP addresses and often physical address,” said Vickery, who hinted at the scale of the tranche last week.
1.4 billion identity leak story incoming Monday morning.
Thanks go to @SteveD3 (and someone else) for cooperating on investigation.— Chris Vickery (@VickerySec) March 3, 2017
“Chances are that you, or at least someone you know, is affected.”
Vickery alleges that RCN engaged in questionable practices to amass this treasure trove of data, claiming to have passed on evidence to Microsoft, Apple “and others”.
Spamhaus, a non-profit organisation tracking spammers, has blacklisted the duo behind RCN – though it’s the sheer scale of the company’s operation that will worry most people.
It is thought that RCN acquired some details on this massive list through people applying for products that required additional interactions to secure credit checks, education opportunities and sweepstakes. Vickery suggests that other organisations helped to curate the list.
“Well-informed individuals did not choose to sign up for bulk advertisements over a billion times,” said Vickery. “The most likely scenario is a combination of techniques.
“One is called co-registration. That’s when you click on the ‘Submit’ or ‘I agree’ box next to all the small text on a website. Without knowing it, you have potentially agreed your personal details can be shared with affiliates of the site.”