Hacker Puts Huge Database Stolen From Popular Marketing Platform Up for Sale Online
The breach has exposed millions of Apollo.io users to targeted attacks.
Threat researchers have revealed that a malicious actor is selling around 11 million records of French users’ data stolen from popular marketing platform Apollo.io.
The data is up for sale on a notorious hacking forum, exposing the users to possible phishing, fruit-force, and other types of cybersecurity risks.
Apollo is a B2B sales prospecting and online marketing business based in the United States.
The breached data directory contains a massive cache of information on millions of people from France, such as their complete names, contact details, geographical coordinations, work information, social networking accounts, etc.
Meanwhile, more information about how the database was stolen from Apollo is yet to be revealed. It is also not clear whether the malicious actor has gotten hold of additional segments of the Apollo user data directory, besides the data on France-based users.
Some experts suspect that the hacker may have extracted the information from a past infringement experienced by the marketing agency.
Apollo is yet to issue a statement to validate the authenticity of the alleged breach. Also, the marketing firm has not yet notified its users and clients about any such data leakage.
The Leaked Data
After slicing and dicing the leaked archive samples, researchers said the stolen database included personal and professional information about Apollo’s users possibly captured from the customers’ LinkedIn accounts. That consists of the France-based individuals’:
- First and last names
- Work and private email addresses
- Contact numbers
- The users home and workplaces addresses
- Existing and previous work engagement details, such as posits held and company identification
- LinkedIn profiles
Apollo is a B2B marketing and sales promotion company that offers sales prospecting solutions to businesses. It operates from San Francisco, helping businesses to locate, assess, and contact new leads to make sales.
The company mentions that it undertakes cybersecurity assessments every four months, performs frequent intrusion testings, and has cybersecurity defenses in place to protect user data.
However, Apollo is not new to data leaks. The sales engagement company came under fire when hackers stole its database in 2018. The data directory contained records of 200 million users.
Possible Repercussions of the Hack
Threat actors could use the stolen data in multiple ways to target the victims and their employers. For instance, they could send phishing links and spam emails to the victims, causing further damages.
Furthermore, the hackers could brute-force the victims’ email and social media passwords. The leak has exposed the users to the risk of the threat actors breaking into their work emails and targeting the companies where they work.
The stolen data directory doesn’t carry extremely sensitive details like SSNs, scanned docs, or financial information. However, just the email addresses are sufficient for hackers to access sensitive information and documents, causing severe harm.
Furthermore, attackers that use sophisticated assault techniques could synthesize the stolen data with details obtained from previous attacks to form a clearer picture of their target individuals’ digital identities. They can then develop fake digital identities to inflict serious damages on the victims.
Are You an Apollo User? Act Now!
If you are a user of Apollo solutions, you may have become a victim of this alleged leak. Make sure to take quick action to secure your data by taking the following steps:
- Visit the company’s privacy page and submit a request to delete your data.
- Alter your email address and social media passwords.
- Generate new passwords with a reliable password generation tool.
- Activate 2-factor verification for all your online accounts.
Be careful of links you receive through emails or messages on your mobile. Avoid opening dubious messages or clicking on spammy links, or replying to anyone you don’t know.