The Apollo Breach Included Billions of Data Points

&quot;The sales intelligence firm firm Apollo sent a notice to its customers last week disclosing a data breach it suffered over the summer. &quot;On discovery, we took immediate steps to remediate our systems and confirmed the issue could not lead to any future unauthorized access,&quot; cofounder and CEO Tim Zheng wrote. &quot;We can appreciate that this situation may cause you concern and frustration.&quot; In fact, the scale and scope of the breach has a lot of people concerned.&quot;<p>Nice of them to notify their customers, but not the people whose data has been exposed. &quot;Have I Been Pwned&quot; alerted me.

Apollo, formerly known as ZenProspect, YC Winter 2016 class.<p>Unlikely they&#x27;re not active on HN. Maybe they could elaborate on how this happened.<p>Wonder how hard GDPR fines are going to hit them.<p>also only notified by haveibeenpwned

Apollo has a page on how to have your data removed. Simply request it by emailing support@apollo.io or remove@apollo.io.<p><a href="https:&#x2F;&#x2F;www.apollo.io&#x2F;legal" rel="nofollow">https:&#x2F;&#x2F;www.apollo.io&#x2F;legal</a>

My work contact information has been in the Apollo, Exactis, and NetProspex breaches. I have no idea how my information ever got in these databases. Have I been pwned sent the only notifications I got about these breaches. Does anyone maintain a list of these services I can preemptively get my information removed from?

I may be missing something, but the net effect of this kind of breach is seemingly not that (like the case of a data breach of a &quot;single&quot; company user database) of having &quot;reserved&quot; data (that only the company had and that was given to it with an expectation in good faith by the user to keep it safe) in the hands of someone else, it is more like having data that was already available to <i>anyone</i> for a fee in the hands of someone that didn&#x27;t pay that fee.

Can I check what data Apollo had on me?

I once ran a social media marketing organization where we were very good about not scraping data outside of the terms and conditions of the networks we interacted with.<p>In so many of these breaches we&#x27;re seeing cases where these analytics firms have data scraped from networks that is well in violation of terms - not mistakenly, but wanton disregard for data usage policies of those networks.<p>Why is nothing ever done about that?

In all these breaches I wonder if the data ends up public. Might serve good to sciences.