- Researchers found unprotected 16TB MongoDB database exposing nearly two billion records full of PII
- Data likely pulled from LinkedIn and Apollo.io, linked to potential lead generation company
- Database was protected after disclosure, but duration of exposure and malicious access unknown
More than 16 terabytes of professional and corporate intelligence data, including personally identifiable information (PII), sat in an unprotected database, available to anyone who knew where to look.
This is according to cybersecurity researchers at Cybernews who found the database and described it as “one of the largest lead generation data sets ever leaked.”
Despite the risks and disruptive potential, unprotected databases remain one of the most common causes of data leaks. In this case, researchers found a MongoDB database with almost 4.3 billion documents.
Personally identifiable information
The documents were divided into nine collections, called “intent,” “profiles,” “people,” “sitemap,” and “companies,” among others. This structure led researchers to believe that the database was likely scraped, possibly from LinkedIn and Apollo.io (an artificial intelligence sales platform).
Of the nine collections, at least three contained personally identifiable information. These collections, containing nearly two billion files, exposed people’s names, emails, phone numbers, LinkedIn URLs and profile identifiers, job titles, employers, work history, education, degrees and certifications, location data, languages, skills, roles, social media accounts, image URLs, email trust score, and Apollo IDs.
One of the collections also had photographs of people. All exposed PII puts users at serious risk of identity theft or fraud.
Cybernews says it can’t attribute the database to a specific entity without reasonable doubt, but said it found clues that point to a lead generation company.
“The company helps companies find and connect with potential customers by giving them access to a large-scale B2B database of potential customers that correlates strongly with the type of information included in the exposed database,” the report states. Investigators contacted that company and, although they did not obtain confirmation of ownership, the database was locked two days later.
It is also unknown how long the instance remained open or if a malicious actor accessed it before then, but it is certainly possible.
Through cyber news
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
