The Internet is a very leaky place. Security researchers find new servers spilling private data with alarming regularity. Some incidents have involved well-known, reputable companies. This one does not. It involves a server that helped cyber criminals run a massive spam campaign.
While investigating a massive spam-producing malware network, security researchers at Vertek Corporation made an unexpected discovery. One of the servers linked to the malware hadn’t been properly secured. Anyone who had the IP address of the server could connect at will and download a massive cache of email addresses.
Vertek tallied more than 44 million addresses in total. Of those, more than 43,500,000 were unique. The data was broken down into just over 2,200 files with each one containing more than 20,000 entries.
Bleeping Computer was provided with a list that broke down which email services were the most popular with the spammers. Yahoo addresses were the most common, at nearly 9 million. AOL was a close second at just over 8 million. Comcast addresses were the third most common at around 780,000.
The numbers fall sharply after that, with none breaking half a million. Many of the addresses that appear are provided by ISPs like AT&T, Charter, Cox, and SBC. Curiously enough, very few Gmail accounts were listed. Bleeping Computer thinks that may be because the database Vertek was able to access only contained part of the spam server’s address book. It’s also possible that these particular domains were chosen to target a specific type of user.
Vertek’s researchers have shared their findings with Troy Hunt, who is analyzing the list against the already massive database he maintains at the breach notification service HaveIBeenPwned.
It wouldn’t be at all surprising if Hunt discovers that all 43 million addresses were already exposed by other leaks or hacks. Why? Because at least two other leaks from spam-linked servers contained way, way more.
In August of last year, Hunt processed a whopping 711 million addresses from a compromised server. Many of those, he determined, had been dumped before. The biggest leak involving a spam service involved twice as many emails. MacKeeper’s Chris Vickery discovered a mind-blowing 1.4 billion addresses exposed by a shady server.