“Chances are that you, or at least someone you know, is affected.”
One of the world’s largest spam email operations has accidentally leaked its entire database of almost 1.4 billion email addresses because of carelessness when carrying out a routine backup.
As well as email addresses the leaked data also included names, IP addresses and mailing addresses, according to security researchers at MacKeeper.
The data was reportedly leaked from a US-based email marketing company called River City Media, which sends out more than one billion emails per day. According to TechCrunch, the company has previously worked with the likes of Nike, AT&T and Gillette.
The massive haul of leaked data was discovered in January, said security expert Chris Vickery from MacKeeper, after he found a remote backup stored online without any form of security or password protection.
The leaked data was available due to a failed remote backup, he said.
Vickery added that he has been able to confirm the authenticity of the data by looking up the names of people who he knew whose details were found to be included in the list.
“The situation presents a tangible threat to online privacy and security as it involves a database of 1.4bn email accounts combined with real names, user IP addresses, and often physical address.”
“Chances are that you, or at least someone you know, is affected,” Vickery wrote in a blog post.
The discovery of the huge haul of data gives an insight into how spammers go about their business.
Vickery said that it is unlikely that more than one billion people would have agreed to sign up to one mailing list, and that the large number of email addresses collected is probably the result of what is known as “co-registration”.
This is a technique which essentially gets unsuspecting users to allow their data to be shared with multiple affiliates linked to the site they are signing up to, with details of how the user’s data is shared buried in small print.
“Well-informed individuals did not choose to sign up for bulk advertisements over a billion times,” Vickery said.
“The most likely scenario is a combination of techniques. One is called co-registration. That’s when you click on the ‘Submit’ or ‘I agree’ box next to all the small text on a website. Without knowing it, you have potentially agreed your personal details can be shared with affiliates of the site.”
The data breach is so large that the Indian government has since been forced to issue a statement denying that it was its data that had been leaked. The country’s federal identity system database is one of the few in the world to contain details of more than one billion people.
The BBC reports that River City Media has not commented on the allegations.