11 million records of French users stolen from marketing platform and put for sale online

The leak could put millions of Apollo.io users and their employers at risk of phishing and social engineering attacks, as well as brute-force attempts.

A user on a popular hacking forum is selling a database that purportedly contains close to 11 million user records stolen from Apollo, a US-based sales engagement and digital marketing company.

The files contained in the leaked archive include a wide variety of information about the 10,930,000 France-based users whose data has been purportedly stolen, including their full names, phone numbers, location coordinates, workplace information, social media profiles, and more.

The author of the post did not provide any additional information about how the data was exfiltrated from Apollo. It’s also unclear if the threat actor is in possession of more than just the French portion of the Apollo customer database, or if the stolen data is taken from a previous breach suffered by the company.

We asked Apollo if they could confirm that the leak was genuine, and whether they have alerted their users and clients, but we have received no reply from the company at the time of writing this report.

To see if any of your online accounts were exposed in other security breaches, use our personal data leak checker with a library of 15+ billion breached records.

What was leaked?

Based on the samples we saw from the leak archive, it appears to contain a variety of mostly professional information about the users, potentially collected by Apollo from their LinkedIn profiles, including:

  • Full names
  • Personal and professional email addresses
  • Phone numbers
  • Location coordinates of the users and their employers
  • Professional data, including current and past employment positions, as well as detailed employer information
  • Links to LinkedIn profiles

An example of leaked data:

Who is the company behind the leak?

Apollo is a San Francisco based software company and the developers of a digital platform that helps businesses identify, analyze, and find new prospects to contact for marketing purposes.

According to Apollo themselves, the company conducts quarterly security audits, regular penetration tests, and has intrusion detection systems online. With that said, this is not the first time Apollo had their data leaked. Back in 2018, the company faced criticism after a database containing 200 million user records had been breached by threat actors.

What’s the impact of the leak?

The data found in the Apollo database can be used in a variety of ways against the users and employers whose information was exposed:

  • Conducting targeted phishing attacks
  • Spamming 11 million emails and phone numbers
  • Brute-forcing the passwords of personal email addresses and LinkedIn profiles
  • Attempting to break into professional email accounts in order to gain a foothold in the corporate networks of the users’ employers

While the leaked archive does not appear to contain deeply sensitive information like social security numbers, document scans or credit card details, even an email address can be enough for a threat actor to cause real damage.

Particularly determined attackers can combine the leaked information with data points from other breaches to create more detailed profiles of their potential victims and stage phishing and social engineering attacks against them or their employers, or even engage in identity theft.

Next steps

If you happen to be based in France and suspect that your data might have been exposed in this leak, we recommend you:

  • Go to Apollo’s personal data removal page and ask them to remove your professional profile via the removal form or live chat with a support agent.
  • Change the passwords of your personal and professional email accounts, as well as your LinkedIn account. 
  • Consider using a password manager to create strong passwords and store them securely.
  • Enable two-factor authentication (2FA) on all your online accounts.

Beware of potential phishing emails and text messages. Don’t click on anything suspicious or respond to anyone you don’t know.

More from CyberNews:


prefix 3 years ago
It is not possible to ask for a removal since they ask for a “Professional Profile URL” and hell only knows what that is
Leave a Reply

Your email address will not be published. Required fields are markedmarked