- Researchers discovered an unprotected 16TB MongoDB database exposing nearly two billion records full of personal information.
- The data was likely taken from LinkedIn and Apollo.io, and is possibly linked to a lead generation company.
- The database was secured after its disclosure, but how long it was exposed and whether it was maliciously accessed remain unknown.
More than 16 terabytes of professional data and company information, including personally identifiable information (PII), were found in an unprotected database, accessible to anyone who knew where to look.
That’s according to cybersecurity researchers at Cybernews who found the database and described it as “one of the largest lead generation datasets ever disclosed.”
Despite the risks and disruptive potential, unprotected databases remain one of the most common causes of data leaks. In this case, researchers found a MongoDB database containing almost 4.3 billion documents.
Personally Identifiable Information
The documents have been divided into nine collections, titled “intent,” “profiles,” “people,” “sitemap,” and “companies,” among others. This structure led researchers to believe that the database was likely scraped, perhaps from LinkedIn and Apollo.io (an AI sales platform).
Of the nine collections, at least three contained personally identifiable information. These collections, containing nearly two billion files, exposed people’s names, emails, phone numbers, LinkedIn URLs and profile IDs, job titles, employers, work history, education, degrees and certifications, location data, languages, skills, social media accounts, image URLs, email trust ratings, and Apollo IDs.
One of the collections also contained photographs of people. Any personal information exposed puts users at serious risk of identity theft or fraud.
Cybernews says it cannot attribute the database to a specific entity beyond reasonable doubt, but said it found clues pointing to a lead generation company.
“The company helps businesses find and connect with potential customers, giving them access to a large-scale B2B database of prospects that is highly correlated to the type of information included in the exposed database,” the report said. The researchers contacted this company and, although they did not get confirmation of ownership, the database was locked two days later.
It’s also unclear how long the instance has been open or if a malicious actor has ever accessed it, but it’s certainly possible.
Via Cybernews