
Experts Discover Massive Unsecured Database with 4.3B Records

  • Dec 15, 2025

Key Findings


  • A 16TB unsecured MongoDB database exposed about 4.3 billion professional records, mainly LinkedIn-style data

  • The database was discovered by researchers Bob Diachenko and nexos.ai on November 23, 2025, and secured two days later

  • The database contained 9 collections, at least 3 of which exposed nearly 2 billion personal records, including names, emails, phone numbers, LinkedIn links, job roles, employers, work history, education, locations, skills, languages, and social accounts

  • The "unique_profiles" dataset alone listed over 732 million records with image URLs

  • The database also contained enrichment metrics and Apollo IDs linked to the Apollo.io ecosystem

  • The ownership of the leaked dataset remains unconfirmed, but researchers found clues suggesting a lead-generation company


Background


The discovery of the unsecured 16TB database containing 4.3 billion professional records raises serious security and privacy concerns. Such a massive trove of personal data can enable large-scale AI-driven social-engineering attacks, including phishing, CEO fraud, corporate reconnaissance, and credential stuffing.


Potential Impacts


  • The leak enables targeted attacks by providing a strong foundational base for profile enrichment and personalized scams

  • Large language models can be used to generate personalized malicious messages at scale, increasing the chances of success

  • With billions of records, criminals can automate attacks and focus on high-value targets, including Fortune 500 employees


Ownership and Attribution


The ownership of the leaked dataset remains unconfirmed, but researchers found clues suggesting a lead-generation company. The firm claims access to over 700 million professionals, closely matching the exposed "unique_profiles" count, and the database went offline a day after notification. However, researchers stopped short of attribution, noting the company itself may have been scraped.


Conclusion


The discovery of this massive, unsecured database highlights the need for robust data security measures and increased vigilance against large-scale data breaches. The potential for abuse is significant, and authorities should investigate the incident thoroughly to mitigate the risks and hold the responsible parties accountable.


Sources


  • https://securityaffairs.com/185661/data-breach/experts-found-an-unsecured-16tb-database-containing-4-3b-professional-records.html

  • https://x.com/shah_sheikh/status/2000141019367805080

  • https://www.linkedin.com/posts/mrdigitalexhaust_experts-found-an-unsecured-16tb-database-activity-7406109885081346048-3QUL

  • https://ground.news/article/experts-found-an-unsecured-16tb-database-containing-43b-professional-records

© 2025 by Explain IT Again. Powered and secured by Wix
