Monday morning, March 6, 2017 started off with a teaser announcement from data breach storm chaser Chris Vickery over at MacOS security software specialists MacKeeper. The announcement stated that later in the morning the identity of a breach victim with 1.37 BILLION records compromised would be identified.
Wow 1.37 Billion is a LOT of records! For perspective, there are only about 300 Million people in the whole United States. A breach of that size can only happen to an organization that either has a lot of individual users/customers, a large government agency or perhaps a large scale data aggregator.
The Internet was immediately on fire with speculation as to who might have been breached… Facebook? Salesforce? Apple? Alibaba?
Well, a few hours later the mystery was solved when Chris Vickery revealed on the MacOS blog that the “victim” was one of the largest email spammers in the world! Wow, no one had that on their radar.
SPAM SPAM SPAM
The spammers, who position themselves as legitimate marketers under the name River City Media, use automation and hacking techniques to send out an estimated 1 Billion emails a day with a team that numbers around a dozen. While everyone despises spam email, at some level you have to admire the sheer spamming scale that Alvin Slocombe and Matt Ferris, the River City Media principles, were able to operate at.
Another Dark Day for Privacy
In addition to emails, the database contains real names, IP addresses and frequently physical addresses. It would appear that these details may be headed over to law enforcement authorities so “big brother” just got a huge windfall.
Kudos to the Spam Assassins
You can bet that this is only the beginning of the story and that much more will come to light in the months ahead. Certainly all the investigators involved, MacKeeper Security Research Center, CSOOnline, and Spamhaus deserve a huge helping of kudos for clearing up, at least a little bit, the inboxes of over a billion spam victims in one fell swoop.
How Secure is Your Network?
You would think that a group of professional spammers would have appreciated and deployed the best security measures possible. It just goes to show that any operation, illegal or otherwise can be brought to a screeching halt when a data breach occurs.
Don’t let something like this happen to your organization!
Get proactive on challenging your own network security before it is too late. From executive assessments to vulnerability discovery and breach simulation Konsultek can help. Give us a call to find out how we can help you identify and quantify your network security risks in a proactive manner.