Billions Of Data Points About Consumers Exposed During Data Breach At Data Aggregator
Tuesday, October 23, 2018
It's not only social media companies and credit reporting agencies that experience data breaches where massive amounts of sensitive, personal information about millions of consumers are exposed and/or stolen. Data aggregators and analytics firms also have data breaches. Wired Magazine reported:
"The sales intelligence firm Apollo sent a notice to its customers disclosing a data breach it suffered over the summer... Apollo is a data aggregator and analytics service aimed at helping sales teams know who to contact, when, and with what message to make the most deals... Apollo also claims in its marketing materials to have 200 million contacts and information from over 10 million companies in its vast reservoir of data. That's apparently not just spin. Night Lion Security founder Vinny Troia, who routinely scans the internet for unprotected, freely accessible databases, discovered Apollo's trove containing 212 million contact listings as well as nine billion data points related to companies and organizations. All of which was readily available online, for anyone to access. Troia disclosed the exposure to the company in mid-August."
This is especially problematic for several reasons. First, data aggregators like Apollo (and social media companies and credit reporting agencies) are high-value targets: plenty of data is stored in one location. That's both convenient and risky. It also places a premium upon data security.
When data like this is exposed or stolen, it makes it easy for fraudsters, scammers, and spammers to create more sophisticated and more effective phishing (and vishing) attacks that trick consumers and employees into revealing sensitive payment and financial information.
Second, data breaches like this make it easier for governments' intelligence agencies to compile data about persons and targets. Third, Apollo's database reportedly also contained sensitive data about clients. That's proprietary information. Wired explained:
"Some client-imported data was also accessed without authorization... Customers access Apollo's data and predictive features through a main dashboard. They also have the option to connect other data tools they might use, for example authorizing their Salesforce accounts to port data into Apollo..."
Salesforce, a customer relationship management (CRM) platform, uses cloud services and other online technologies to help its clients (companies with sales representatives) manage their sales, service, and marketing activities. This breach also suggests that some employee training is needed about what to upload, and what not to upload, to outsourcing vendors' sites. What do you think?