I have been pwned, and almost certainly, so have some of you.

What now?

On Monday, Chris Vickery, a security reasearcher at MacKeeper, announced that he had found a leak from River City Media’s user database. I’m assuming you haven’t heard of them, I know I hadn’t. Turns out they’re an email marketing organization (pronounced MASSIVE SPAMMERS).

Anyways, due to a faulty backup procedure, the RCM database was leaked. The database contained 1.37 BILLION addresses. And not just email addresses, but in some cases IP addresses, real names, and even physical addresses. That’s right, physical addresses.

Well, isn’t that special.

BTW, by the time you read this RCM will probably be in the process of changing their name without any hiccups in their operations

Am I Affected?

Anyways, I initially found out about this not through news media but through a fantastic service created by noted security researcher Troy Hunt. It’s called haveibeenpwned and the way that it works is that any time a security breach like this is made public, you get a notification if your email address is found in the leaked data, and it tells you what sort of information may have been exposed. It’s a completely free service and I’ve signed up with all of the email addresses that I use. I HIGHLY recommend that you do so too.