- Researchers discovered an unprotected 16 TB MongoDB database that exposed nearly two billion records of personal information.
- The data likely comes from LinkedIn and Apollo.io and is potentially linked to a lead generation company.
- The database was secured after the disclosure, but how long it was exposed and whether it was accessed maliciously is unknown.
More than 16 terabytes of professional data and business information, including personally identifiable information (PII), was in an unsecured database and available to anyone who knew where to look.
This is according to cybersecurity researchers at Cybernews, who found the database and called it “one of the largest lead generation datasets ever.”
Despite the risks and potential disruptions, insecure databases remain one of the most common causes of data breaches. In this case, researchers discovered a MongoDB database containing nearly 4.3 billion documents.
Personally Identifiable Information
The documents are divided into nine collections, with names including ‘Intent’, ‘Profiles’, ‘People’, ‘Sitemap’ and ‘Company’. This structure led researchers to believe that the database likely came from LinkedIn and Apollo.io (an artificial intelligence sales platform).
Of the nine collections, at least three contained personal data. These collections include nearly two billion records, exposing personal names, emails, phone numbers, URLs and LinkedIn profile IDs, jobs, employers, work history, education, degrees and certifications, location data, languages, skills, job titles, social media accounts, image URLs, email trust scores, and Apollo IDs.
One of the collections also contained photographs of people. Any personal information made public exposes users to a serious risk of identity theft or fraud.
Cybernews said it could not attribute the database to a specific entity beyond a reasonable doubt, but said it had found evidence pointing to a lead generation company.
“The company helps companies find and connect with potential customers by giving them access to a large B2B database of potential customers that is highly correlated with the type of information in the public database,” the report said. The researchers contacted this company and, although they did not receive confirmation of ownership, the database was secured two days later.
It’s also unclear how long the instance was exposed and whether an attacker ever accessed it, though that is entirely possible.
Via Cybernews
