Records from 1998 to 2003 of 17 million people who used iBill had their information such as names, address, phone numbers, IP addresses, emails, credit card type, usernames, logins, purchases information and amounts purchased leaked on the web and traded by scammers

A security company accidentaly found two files, one with data of 17 million customers, the other with over a 1 million on a website set up by scammers.

And I love this quote from the security company guy:

Thomas speculates that an employee or other insider may have simply walked out of iBill with the transaction records to sell on the data black market.

What happened with the records from there is anyone's guess. The 1 million addresses found by Sunbelt Software were being used for spamming. Sunbelt found the database by tracing malware-infected computers as they connected to the internet to refresh their list of spam targets. The target list turned out to be the iBill database, hosted on a rogue website.
The whole article from Wired