Well another data breach announced today! Statements from Apollo are saying it is not sensitive personally identifiable information but in my opinion it is worse because if it was an password or credit card number... we can change those. We can't change our name, email, title or company name. This list exposes email addresses with all the company information. Since Apollo is a sales engagement startup, I am guessing this is list building information which pushes the easy button for social engineering... it gives hackers the "mail merge-able" kind of information to do phishing attacks into organizations. Imagine if a hacker now has a huge list of CEO, CFO, Accounts Payable names in an business, they can pretty easily draft up that email for that wire transfer! In mass quantities. So be on the look out for the social engineering phishing emails to increase. Typically this kind of information lays low for a few months and then they use it for attacks.
Here is the details I found on the HaveIBeenPawned web site:
In July 2018, the sales engagement startup Apollo left a database containing billions of data points publicly exposed without a password. The data was discovered by security researcher Vinny Troia who subsequently sent a subset of the data containing 126 million unique email addresses to Have I Been Pwned. The data left exposed by Apollo was used in their "revenue acceleration platform" and included personal information such as names and email addresses as well as professional information including places of employment, the roles people hold and where they're located. Apollo stressed that the exposed data did not include sensitive information such as passwords, social security numbers or financial data.
