Learn how your company can create applications to automate tasks and generate further efficiencies through low-code/no-code tools on November 9 at the virtual Low-Code/No-Code Summit. Register here.

It’s bad enough we have to worry about spam emails promising discount medications and other shady deals. Now we have to be concerned that the spammers don’t accidentally leak user data they probably dubiously obtained.

A huge email marketing organization called River City Media failed to safeguard backups of its database of 1.34 billion email accounts, resulting in all that user information being available for anyone to see.

Chris Vickery, a MacKeeper security researcher, wrote Monday that he discovered the unsecured user data in January and worked with security organization Spamhaus and cybersecurity news site CSO Online to further investigate the data breach.

Vickery said he traced the “leaky files” to the spamming operation, which he said “masquerades as a legitimate marketing firm while, per their own documentation, being responsible for up to a billion daily email sends.”


Low-Code/No-Code Summit

Join today’s leading executives at the Low-Code/No-Code Summit virtually on November 9. Register for your free pass today.

Register Here

He wrote that the River City Media was able to obtain “email accounts, full names, IP addresses, and often physical address” from over a billion people through its spam operation that involves emails promising “credit checks, education opportunities, and sweepstakes.”

The database of user information is so big, Vickery wrote, “chances are that you, or at least someone you know, is affected.”

CSO Online, which helped Vickery in his investigation, has a detailed account on the spam operations of River City Media and how it accidentally leaked its database. The gist of the data breach is that River City Media workers failed to properly configure its backup system, which led to Vickery discovering the user data.

The publication said that the researchers reported the data breach and spammers to law enforcement, but that the researchers “cannot discuss those elements, because the agencies involved cannot comment on pending or ongoing investigations.”

This story originally appeared on Fortune.com. Copyright 2017

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.