What types of data were exposed in the database?

The exposed database contained LinkedIn-style professional information including full names, email addresses, phone numbers, LinkedIn profile links, job titles, current and former employers, complete work history, educational background, geographic locations, professional skills, language proficiencies, social media accounts, profile image URLs, Apollo IDs, and enrichment metrics.

Who owned the exposed database?

The ownership of the database is not confirmed. Researchers identified clues pointing to a potential lead-generation company that claims to maintain access to over 700 million professional profiles, which aligns with the 732 million records in the unique_profiles collection. The database was taken offline within a day of the company being notified, though researchers cautiously avoided definitive attribution.

What are the security risks associated with this data leak?

Cybernews researchers emphasized that large language models can leverage the exposed profile information to generate millions of personalized malicious emails with minimal effort. The concern is that requiring only one successful compromise of a high-value target could make such operations profitable for cybercriminals.

Incident

Massive 16TB database leaks 4.3 billion professional records

Q: What was discovered in the November 2025 data leak?

On November 23, 2025, security researcher Bob Diachenko and nexos.ai discovered an unsecured 16-terabyte MongoDB database containing approximately 4.3 billion professional records. The database remained accessible without authentication or password protection until it was secured on November 25, 2025.

Q: How was the database organized?

The database was organized into nine collections: 'intent' with over 2 billion documents, 'profiles' with 1.1 billion records, 'unique_profiles' with 732 million entries, 'people' with 169 million documents, 'sitemap' with 163 million records, 'companies' with 17.3 million entries, 'company_sitemap' with 17.3 million documents, 'address_cache' with 8.1 million records, and 'intent_archive' with approximately 2 million documents.

published: Dec. 14, 2025

Take action: Data brokers are just greedy, but not at all good with their data protection. Because it's not their data, it's simply grabbed and abused.

Learn More

A significant data leak was discovered on November 23, 2025, when security researcher Bob Diachenko and nexos.ai identified an unsecured 16-terabyte MongoDB database containing approximately 4.3 billion professional records.

The database, which primarily contained LinkedIn-style professional information, remained accessible without authentication or password protection until it was secured two days later on November 25, 2025.

The collections are: "intent" with over 2 billion documents, "profiles" containing 1.1 billion records, "unique_profiles" with 732 million entries, "people" holding 169 million documents, "sitemap" with 163 million records, "companies" containing 17.3 million entries, "company_sitemap" with 17.3 million documents, "address_cache" holding 8.1 million records, and "intent_archive" containing approximately 2 million documents.

According to researchers, all records within each specific collection were unique, but duplicates could exist across different collections within the exposed dataset. At least three of these collections profiles, unique_profiles, and people contained personally identifiable information. The exposed data included:

Full names
Email addresses
Phone numbers
LinkedIn profile links
Job titles and roles
Current and former employers
Complete work history
Educational background
Geographic locations
Professional skills
Language proficiencies
Social media account information
Profile image URLs (over 732 million records)
Apollo IDs linked to the Apollo.io ecosystem
Enrichment metrics and professional metadata

The number of affected individuals is not clear. The ownership of the exposed database is not confirmed. Researchers identified several clues pointing to a potential lead-generation company. Analysis of sitemap records revealed links to "/people" and "/company" paths associated with a specific website. The suspected company claims to maintain access to over 700 million professional profiles, which closely aligns with the 732 million records found in the "unique_profiles" collection.

The database was taken offline within a day of the company being notified, lending further credence to the connection. However, researchers cautiously avoided definitive attribution, acknowledging the possibility that the company itself may have been the victim of data scraping rather than the database's owner.

Cybernews researchers emphasized that large language models can leverage such profile information to generate millions of personalized malicious emails with minimal effort, requiring only one successful compromise of a high-value target to make the operation profitable.

Massive 16TB database leaks 4.3 billion professional records