IdentityForce Logo IdentityForce Logo
Protect What Matters Most.
Posted on March 8, 2017 by in Data Breach & Technology, Personal

We write blog posts all the time about data breaches at companies around the country, but this one is a little different. A known group of spammers, who operate under the name River City Media, unknowingly released their own private data into cyberspace after failing to properly configure their backups in a debacle being called “Spammergate.” Thankfully, the “good guys” found the information — in this situation, it was Chris Vickery, a security researcher for MacKeeper — and reported everything to the proper authorities.

Who is River City Media?

Up until now, River City Media has pretended to be a legitimate marketing firm. The group is led by Alvin Slocombe and Matt Ferris, both known spammers, and they claimed to be responsible for sending up to a billion e-mails every day. Security experts knew what they were doing, but couldn’t prove anything — until Vickery found the mother lode. As part of the information during Spammergate, he uncovered:

  • Hipchat logs
  • Domain registration records
  • Accounting details
  • Infrastructure planning
  • Production notes
  • Scripts
  • Business affiliations

But the biggest discovery? Vickery found a database of 1.4 billion email accounts, IP addresses, full names, and some physical addresses. Wondering if the data was actually real, he randomly searched for the names of people he knows and investigated some names of strangers to compare against social media pages and business websites. As far as he could tell, the data was, in fact, legitimate, but possibly outdated for some people.

How Did River City Media Collect 1.4 Billion Records?

According to CSO Online, it’s believed that most of the personal records and email addresses discovered as part of Spammergate were collected by a process called co-registration, also known as CoReg. With co-registration, you would sign up for something online, and then that address would be shared with a third party or some kind of partner.

“Nobody would knowingly give their email address to spammers, so they have to be tricked into it,” explained Mike Anderson from Spamhaus to CSO Online. “Usually, there is some kind of offer for a ‘free gift’ in exchange for giving up an email address and personal information. The fine print of these offers allows the company to share their addresses with their ‘partners’ which ends up also being their partner’s partners, and their partner’s partner’s partners, until every spammer on the planet has their address.”

At this time, it’s unclear what’s going to happen to River City Media. While law enforcement is involved, groups like River City Media often have all sorts of aliases and affiliate programs — no one can be sure they will all be wiped out. To put it into perspective, the exposed River City Media data connects the organization to more than 20 business partners and more than 30 aliases.

Although it’s hard to say what’s going to happen to the spammers over at River City Media, it’s refreshing to see these cybercriminals slip up and get caught. If anything, it’s a good lesson for all of us to be careful about which websites we choose to enter our information into. Be wary of “free gifts” and other too-good-to-be-true promises—because you may just become a victim of the next Spammergate.