On Friday, the worldwide digital security industry went amok when a fellow researcher tweeted that he had a sensational story to tell about nearly 1.4 identity leaks.

The U.S. company River City Media (RCM) has been accused of being a productive spammer. The security expert got access to RCM's data through back-ups that were left online by accident. The discovery he made was mind-blowing. The company's database contained more than 1.37 email accounts, IP, and physical addresses.

The hero of the day

The person behind the exposure is Chris Vickery, a security researcher at McKeeper.

He says he stumbled upon a massive, publicly exposed collection of files, which, however, seemed very suspicious to him. After browsing through the data for some time, he realized these were all stolen identities. Whoever had put them online most probably did it completely accidentally by forgetting to protect the data with a password. Vickary is convinced that this particular company's illegal moves are just the top of the iceberg. He believes that there is an active market for trafficking in lists containing stolen personal data for illicit purposes.

The digital goof of the year

Besides the personal information in the files, there were also messages RCM staff members had been exchanging among themselves, as well as documents about the company's business practices.

It is due exactly to these compromising materials that it was possible to officially accuse the company of being one of the biggest spam empires. Yesterday BBC asked RCM for comment on the allegations in illegal operations, but no response has been received yet.

How do they do it?

Many like to believe that it is mostly the people who visit adult entertainment sites or sites for pirated products and services who fall victims of the spammers.

But this is far from the reality. According to the most probable scenario, RCM used a combination of techniques, including co-registration and offers for free gifts, education opportunities, credit checks, etc.

While the spam empire is being taken down, as we speak, it is still uncertain what would happen to the database containing information of all those 1.37 billion users. And this is already a reason for concern.