What Happened
On November 23, 2025, cybersecurity researcher Bob Diachenko discovered an unprotected MongoDB database containing approximately 4.3 billion records of LinkedIn-derived professional and corporate intelligence data totaling 16 terabytes. The exposed dataset included LinkedIn URLs, profile handles, full names, emails, phone numbers, employment histories, education details, location data, social media accounts, and photographs from at least 732 million unique profiles. The data appeared to have been collected and updated within 2025 through automated scraping and enrichment pipelines, likely sourced from LinkedIn and integrated with information from the sales intelligence tool Apollo.io. The database was secured by its owners two days after discovery on November 25, 2025. Researchers could not definitively confirm the dataset’s owner but identified indicators suggesting it may have belonged to a lead-generation company, though there is a possibility the company’s presence in the leak indicates its own databases were scraped by the actual data holder. The exposure poses significant risks for large-scale phishing attacks, CEO fraud, corporate reconnaissance, credential stuffing, and AI-assisted automated attacks leveraging the massive volume of accurate, up-to-date personal information.
