Email spammer unwittingly leaked data on 1.3 billion people

It’s bad enough we have to worry about spam emails promising discount medications and other shady deals. Now we have to be concerned that the spammers don’t accidentally leak user data they probably dubiously obtained.

A huge email marketing organization called River City Media failed to safeguard backups of its database of 1.34 billion email accounts, resulting in all that user information being available for anyone to see.

Chris Vickery, a MacKeeper security researcher, wrote Monday that he discovered the unsecured user data in January and worked with security organization Spamhaus and cybersecurity news site CSO Online to further investigate the data breach.

Vickery said he traced the “leaky files” to the spamming operation, which he said “masquerades as a legitimate marketing firm while, per their own documentation, being responsible for up to a billion daily email sends.”

He wrote that the River City Media was able to obtain “email accounts, full names, IP addresses, and often physical address” from over a billion people through its spam operation that involves emails promising “credit checks, education opportunities, and sweepstakes.”

The database of user information is so big, Vickery wrote, “chances are that you, or at least someone you know, is affected.”

CSO Online, which helped Vickery in his investigation, has a detailed account on the spam operations of River City Media and how it accidentally leaked its database. The gist of the data breach is that River City Media workers failed to properly configure its backup system, which led to Vickery discovering the user data.

The publication said that the researchers reported the data breach and spammers to law enforcement, but that the researchers “cannot discuss those elements, because the agencies involved cannot comment on pending or ongoing investigations.”

This story originally appeared on Fortune.com. Copyright 2017