In a major event that should make every professional pause and worry about their online privacy, cybersecurity researcher Bob Diachenko, working with nexos.ai, recently discovered an unprotected MongoDB database on November 23, 2025. This enormous collection, totalling around 16 terabytes (TB) of data, was left wide open online, shockingly exposing 4.3 billion professional records that criminals could easily use for targeted attacks.
For your information, MongoDB is a popular type of database widely used by businesses to store large amounts of data. According to Diachenko, the database was secured just two days later after they alerted the owner, but it is impossible to know who might have accessed it beforehand.
The Discovery and Data Details
Further investigation by the Cybernews team revealed that the dataset contained nine separate sections, or “collections,” with names like “profiles,” “people,” and “unique_profiles.” At least three of these collections exposed nearly 2 billion personal records.
The exposed details comprised Personally Identifiable Information (PII), including full names, email addresses, phone numbers, job roles, employment history, education, and links to professional platforms like LinkedIn.
The “unique_profiles” collection alone held over 732 million records with photographs. Researchers also found that the “people” collection included metrics and IDs tied to the Apollo.io network.
“According to our researchers, all records within a specific collection are unique. However, there could be duplicates between different collections within the exposed dataset,” Cybernews researchers explained.
Researchers noted that the total volume and organisation of the data strongly point to it being gathered from various sources, a common practice called scraping, possibly including previous leaks from as far back as 2021.
Who Owns the Data and Why It’s Dangerous
While the ultimate owner remains unconfirmed, further probing revealed strong clues. The database included web links suggesting it belonged to a lead-generation company (a firm that helps businesses find potential customers and has access to hundreds of millions of professionals), which closely matches the count of records found in the leaked collection.
“However, the team reserves the right not to attribute the leak to the company. There is a chance that the company’s presence in the leak points to its databases being scraped by the real owner of the data,” Cybernews researchers noted.
The primary danger here is that such large, structured datasets are a gold mine for criminals. With this level of detail, malicious actors can automate highly personalised scams, such as phishing (tricking people into giving up information) or even CEO fraud (impersonating a top executive), that are generally much harder for people to spot.
Researchers conclude that these records could be a strong base for cybercriminals to create extensive, searchable databases that could simplify attacks on high-value targets, including employees at major companies. Therefore, professionals must always use strong and unique passwords with two-factor authentication (2FA) enabled, and keep software updated to fix security weaknesses.
Here’s the full breakdown of the number of records in all 9 collections.
- people – 169,061,357 docs (3.95 TB)
- profiles – 1,135,462,992 docs (5.85 TB)
- sitemap – 163,765,524 docs (20.22 GB)
- intent – 2,054,410,607 docs (604.76 GB)
- companies – 17,302,088 docs (72.9 GB)
- intent_archive – 2,073,723 docs (620 MB)
- address_cache – 8,126,667 docs (26.78 GB)
- unique_profiles – 732,412,172 docs (5.63 TB)
- company_sitemap – 17,301,617 docs (3.76 GB)