4.3B LinkedIn-style records exposed: one of the largest open lead-generation datasets ever discovered

An unprotected MongoDB server exposed more than 4.3 billion records, including detailed professional profiles, contacts, photos, and employment histories of users worldwide. The 16-terabyte dataset has become one of the largest lead-generation leaks ever identified.

Cybernews researchers discovered a publicly accessible MongoDB instance containing structured data likely scraped from LinkedIn and commercial lead-generation tools. The database included nine collections, among them:

• 732M unique profiles, many containing photographs;

• 1.13B general profiles with employment and education data;

• 169M “people” records with email validation, enrichment scores, and social accounts;

• corporate relationships, sitemaps, and large volumes of contact information.

The exposed records contained full names, emails, phone numbers, job titles, employment histories, languages, skills, geographic data, social media accounts, image URLs, and internal lead-scoring metrics. Some collections referenced an “Apollo ID,” suggesting ties to Apollo.io’s sales-intelligence ecosystem.

The instance was found on November 23, 2025, and secured only on November 25. The duration of exposure remains unknown.

Why It’s Dangerous

Massive structured datasets like this empower attackers to:

• launch highly targeted phishing campaigns;

• perform CEO fraud by impersonating executives;

• run corporate reconnaissance and social-engineering operations;

• automate attacks using AI-generated personalized messages;

• enrich records using other breaches, linking emails to passwords or device identifiers;

• sell or repurpose the database within criminal marketplaces.

Researchers warn that the dataset clearly reflects industrial-scale scraping and enrichment, creating surveillance-level dossiers on millions of professionals.

Apollo.io suffered a multibillion-record exposure in 2018, People Data Labs in 2019. Meanwhile, LinkedIn continues battling companies that scrape user profiles despite lawsuits and technical restrictions.

Even if the leak does not originate from a specific company, the presence of “Apollo ID” suggests that the exposed database may combine scraped and enriched datasets from multiple ecosystems.

A breach of this scale is more than a collection of profiles — it is a comprehensive map of corporate structures, relationships, and personal traces. Such datasets drastically lower the barrier for cybercriminals, enabling sophisticated phishing, fraud, and targeted intrusions with unprecedented speed and accuracy.