16TB of corporate intelligence data exposed in one of the largest lead-generation dataset leaks
Date:
Thu, 11 Dec 2025 11:25:00 +0000
Description:
We've just witnessed the mother of all leaks as researchers found an unprotected behemoth database.
FULL STORY
- Researchers found an unprotected 16TB MongoDB database exposing nearly two billion PII-filled records
- Data likely scraped from LinkedIn and Apollo.io, tied to a possible
leadgen company
- Database was secured after disclosure, but exposure duration and malicious access remain unknown
More than 16 terabytes of professional and corporate intelligence data, including personally identifiable information (PII), was sitting in an unprotected database, available to anyone who knew where to look.
This is according to cybersecurity researchers at Cybernews who found the database and described it as one of the largest lead-generation datasets to have ever leaked.
Despite the risks and the disruptive potential, unprotected databases remain one of the most common causes of data leaks. In this instance, the
researchers found a MongoDB database with almost 4.3 billion documents.
Personally identifiable information
The documents were split into nine collections, labeled intent, profiles, people, sitemap, and companies - among others. This structure led the researchers to believe that the database was likely scraped, possibly from LinkedIn and Apollo.io (an AI sales platform).
Of the nine collections, at least three contained personally identifiable information. These collections, holding almost two billion files, exposed peoples names, emails, phone numbers, LinkedIn URLs and profile handles, position titles, employers, employment history, education, degrees and certifications, location data, languages, skills, functions, social media accounts, image URLs, email confidence scoring, and Apollo IDs.
One of the collections also had peoples photographs. All of the PII exposed
put users at serious risk of identity theft or fraud.
Cybernews says it could not attribute the database to a specific entity
without reasonable doubt, but said that it did find clues pointing to a lead generation company.
The company helps businesses find and connect with potential customers, providing access to a large-scale B2B database of leads that strongly correlates with the type of information included in the exposed database, the report states. The researchers reached out to that company, and while they
did not get confirmation of ownership, the database was locked down two days later.
It is also unknown for how long the instance remained open, or if a malicious actor accessed it before, but its certainly possible.
Via Cybernews
======================================================================
Link to news story:
https://www.techradar.com/pro/security/16tb-of-corporate-intelligence-data-exp osed-in-one-of-the-largest-lead-generation-dataset-leaks
$$
--- SBBSecho 3.28-Linux
* Origin: Capitol City Online (1:2320/105)