Sales engagement startup Apollo says its massive contacts database was stolen

The article talks about notifications and risks to <i>customers</i> of Apollo, but it&#x27;s not the <i>customers&#x27;</i> data that was stolen... It was that of 200 MILLION people who probably never opted into having their contact information packaged and sold to third parties.

This smells like someone leaving a DB open to the world (remember the old MongoDB open by default?)<p>I think stealing a whole database raises very serious questions as to how technically this was done and how would you prevent this at your company.<p>Unfortunately &quot;transparency first&quot; aside, companies don&#x27;t usually release this information which leaves us all wondering how we can better protect our users (outside of having sane defaults, closed by default, no ssh, private networks etc...).

So is this must be the database that hundreds of relentless SAAS Sales Reps use to send me emails like &quot;<i>Hi there, wanted to bubble this up in your inbox and see if you&#x27;d be interested in a convo about your site and how we can increase xxx% revenue with our yyyy solution</i>&quot;

These articles are always a little frustrating, especially to those of us who aren&#x27;t familiar with data management on that scale. For example, how was the breach carried out? How did the company know it occurred? Was there something the company should have done, but didn&#x27;t?<p>I understand why those details don&#x27;t make it into the media, but it&#x27;s hard not to be curious about it.

&gt; Apollo’s database contains publicly available data, including names, job titles, employers, social media handles, phone numbers and <i>email addresses</i>. It doesn’t include Social Security numbers, financial data or <i>email addresses</i> and passwords, Apollo said.<p>Eh? So are email addresses included or not? They’re listed in both categories.

Can someone with more experience of these things tell me how these breaches are discovered, and how they know what information was taken? I presume it&#x27;s not an exact science.

&quot;The email said that company said the breach was discovered weeks after system upgrades in July.&quot;<p>Wow. They emailed customers but made no public announcement that people&#x27;s email addresses and personal info had been stolen and now available on the black market.<p>This is absolutely atrocious incident management and disclosure. I smell a lawsuit, possibly from the state or federal government.

If you want to do something about this (and other) negligible organizations, head over to <a href="https:&#x2F;&#x2F;opt-out.eu" rel="nofollow">https:&#x2F;&#x2F;opt-out.eu</a>, search for Apollo, and the site will generate a GDPR erasure request that you can send. Disclaimer: I&#x27;m one of the site&#x27;s creators.

&gt; Apollo’s database contains publicly available data, including names, job titles, employers, social media handles, phone numbers and email addresses. It doesn’t include Social Security numbers, financial data or email addresses and passwords, Apollo said.<p>So I guess email addresses are a nullable field?

I have just read an article that might be useful for everyone who has received multiple calls from legit businesses at <a href="http:&#x2F;&#x2F;www.whycall.me&#x2F;news&#x2F;my-4500-payday-from-a-telemarketer&#x2F;" rel="nofollow">http:&#x2F;&#x2F;www.whycall.me&#x2F;news&#x2F;my-4500-payday-from-a-telemarkete...</a>. It&#x27;s quite difficult, but I think if we could win against those telemarketers, it will feel really good.

I am curious how the database was stolen. Did the person(s) who accessed the db delete the database afterwards or did they simply make a copy?

Isn&#x27;t that data freely available already on their website ? It looks like you can get full name, company, position just by creating a free account. Maybe they just scrapped it.

How? I want to know so I can try to avoid doing something similar.

How much does data like this trade for on the black market, and do vendors tend to partition it or just pursue quick turnover?