Researchers found a massive online database containing detailed work and contact information that was left open without authentication.
Security researcher Bob Diachenko and analysts at Cybernews discovered an unsecured MongoDB database containing approximately 16 terabytes of data, which exposed around 4.3 billion professional records. The database was found on November 23, 2025, and secured approximately two days after the owner was notified. According to Cybernews, the exposed data appeared to consist largely of LinkedIn-style professional information and was accessible without any login or password protection.
The database contained nine separate collections, several of which held very large volumes of personally identifiable information. At least three collections included names, email addresses, phone numbers, job titles, employers, work history, education details, locations, skills, languages, and links to social media profiles. One collection alone listed more than seven hundred million unique profiles with image URLs. Another dataset included enrichment identifiers associated with the Apollo.io ecosystem, although researchers said there was no evidence that Apollo itself had been breached. Timestamps indicated that some records were collected or updated in 2025, while other data may have originated from older sources, including prior large-scale scrapes of professional networking platforms.
Cybernews researchers said that records within individual collections appeared to be unique, although duplication across collections could not be ruled out. They noted that the ownership of the database has not been confirmed. Indicators suggested a possible lead generation or data enrichment operation, based on sitemap references and marketing claims that closely matched the volume of exposed profiles. However, the researchers cautioned that the organization linked to those indicators could itself have been a downstream recipient of scraped data rather than the original source.
An analysis published on Medium points out that many large-scale data exposures are driven by basic security mistakes rather than advanced hacking techniques. Misconfigured databases have become a common blind spot, particularly as organizations shift toward cloud-based and hybrid environments that store massive volumes of aggregated personal data.
As businesses rely more on scraped and enriched datasets to support sales, marketing, and recruiting efforts, a single unsecured database can expose billions of records at once. These incidents create lasting risks, enabling phishing, impersonation, and other identity-driven attacks long after the data is discovered and secured.
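The misconfiguration described above, an instance reachable without credentials, comes down to two mongod.conf settings: whether access control is switched on and which interfaces the server listens on. The following script is an added example written for this article, not code from Cybernews or the database owner; it audits a mongod.conf for those two settings and shows a weak configuration beside a hardened one. Both configuration texts are constructed samples, and the parser assumes the plain two-level key layout that mongod.conf normally uses.

```python
"""Audit a mongod.conf for the two settings that let a MongoDB instance be
reached without authentication. Added example; the sample configs below
are constructed, not taken from any real deployment."""

from typing import Dict, List

# Constructed sample: access control never enabled, listening on every interface.
WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
"""

# Constructed sample: the same server with authorization on and a private bind list.
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
"""


def parse_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal parser for the 'section:\\n  key: value' layout of mongod.conf.

    Assumption: the audited file uses only two levels with scalar values
    (no YAML lists or anchors). Comments after '#' are ignored.
    """
    tree: Dict[str, Dict[str, str]] = {}
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        if indent == 0:
            section = key.strip()          # a top-level section such as 'net'
            tree.setdefault(section, {})
        elif section is not None:
            tree[section][key.strip()] = value.strip()
    return tree


def audit(text: str) -> List[str]:
    """Return a list of findings; an empty list means both checks passed."""
    conf = parse_conf(text)
    findings: List[str] = []

    # Check 1: security.authorization must be 'enabled'. When it is absent,
    # mongod accepts every connection with full read/write access.
    authorization = conf.get("security", {}).get("authorization", "disabled")
    if authorization.lower() != "enabled":
        findings.append(
            "security.authorization is not 'enabled': any client that reaches "
            "the port has unrestricted access to every collection"
        )

    # Check 2: the server should not listen on all interfaces. A wildcard
    # bindIp (or bindIpAll: true) exposes the port to whatever network the
    # host sits on, so only a firewall would stand between it and the Internet.
    net = conf.get("net", {})
    addresses = [a.strip() for a in net.get("bindIp", "127.0.0.1").split(",")]
    listens_everywhere = (
        net.get("bindIpAll", "").lower() == "true"
        or any(addr in ("0.0.0.0", "::") for addr in addresses)
    )
    if listens_everywhere:
        findings.append(
            "net.bindIp listens on all interfaces: the instance is reachable "
            "from outside the host unless a firewall restricts the port"
        )
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        result = audit(conf)
        print(f"{label}: {'OK' if not result else ''}")
        for finding in result:
            print(f"  - {finding}")
```

Running the script reports two findings for the weak sample and none for the hardened one. The same two checks are worth automating in configuration management or a CI step for database images, since an instance that fails either one is exactly the kind of deployment this article describes.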
Job roles, employer names, and contact details allow attackers to tailor messages that appear relevant and credible, which increases the likelihood of engagement.
No. Researchers said the data resembles information commonly associated with professional networking sites, but there is no indication that LinkedIn systems were compromised.
They can be used for phishing, executive impersonation, recruitment scams, vendor fraud, and other forms of social engineering that rely on accurate background details.
Outdated records can still reveal career paths, corporate relationships, and contact patterns that remain useful for targeted attacks.
They can limit public profile details, review privacy settings on professional platforms, be cautious of unsolicited messages that reference work history, and verify unexpected requests through trusted channels.