“There is always a high risk for fraud, spam, or other even harmful actions when these types of data sets leak.” (Vinny Troia, Night Lion Security)
Yes, your data may have been exposed in yet another breach, this time at the sales intelligence firm Apollo. No passwords this time, but aggregated data such as email addresses, employers, geographic locations, job titles, names, phone numbers, salutations, and social media profiles. The data does not include financial data, Social Security numbers, or account credentials.
What does this mean? With all of this information in one place, it becomes easier to craft “personalized” phishing attempts. From Wired:
The sales intelligence firm Apollo sent a notice to its customers last week disclosing a data breach it suffered over the summer. “On discovery, we took immediate steps to remediate our systems and confirmed the issue could not lead to any future unauthorized access,” cofounder and CEO Tim Zheng wrote. “We can appreciate that this situation may cause you concern and frustration.” In fact, the scale and scope of the breach has a lot of people concerned.
Apollo is a data aggregator and analytics service aimed at helping sales teams know who to contact, when, and with what message to make the most deals. “No one ever drowned in revenue,” the company says on its site. Apollo also claims in its marketing materials to have 200 million contacts and information from over 10 million companies in its vast reservoir of data. That’s apparently not just spin. Night Lion Security founder Vinny Troia, who routinely scans the internet for unprotected, freely accessible databases, discovered Apollo’s trove containing 212 million contact listings as well as nine billion data points related to companies and organizations. All of which was readily available online, for anyone to access. Troia disclosed the exposure to the company in mid-August.
It’s not just Apollo users who are affected, though they’re the worst off. It looks like Apollo may have scraped data from many publicly available sources, including LinkedIn and Twitter.
There’s not much you as an individual can do about this kind of data breach, but you can stay informed by signing up with a free service like “Have I been pwned?”. They will notify you if your email is found in a breach so you can try to remediate any damage that might have been done by changing passwords, putting a credit block on cards, or keeping a close eye out for extra bank charges.
You can also subscribe to a paid service like IDShield, which will notify you and help you remediate and regain your identity if it’s stolen. Nexa1 partners with IDShield if you’d like more information or would like to subscribe.
Basically, keep your information safe. Try to use the internet safely by having secure, unique passwords and not clicking on sites that you’re not sure of. If and when your information does become compromised, be aware of it when it happens, and make sure you know what to do about it.