nexos.ai: Experts found an unsecured 16TB database containing 4.3B professional records

Massive 16TB Database Exposing 4.3 Billion Professional Records Discovered Unsecured

On November 23, 2025, security researcher Bob Diachenko and nexos.ai uncovered an unsecured 16TB MongoDB database containing approximately 4.3 billion professional records. The database, which remained exposed until it was secured two days later after researchers alerted the owner, posed significant risks for large-scale cyberattacks.

The dataset included nine collections, with three—profiles, unique_profiles, and people—holding nearly two billion records of personally identifiable information (PII). Exposed data encompassed names, emails, phone numbers, LinkedIn profiles, job roles, work history, education, skills, and social media links. The unique_profiles collection alone contained over 732 million records, many with image URLs, while the people collection included enrichment metrics tied to the Apollo.io ecosystem, though no breach of Apollo was confirmed.

Timestamps indicated some records were collected or updated in 2025, though portions of the data may have originated from older LinkedIn breaches, including those claimed by threat actors in 2021. The database’s ownership remains unconfirmed, though clues point to a lead-generation firm that advertises access to over 700 million professionals, a figure closely matching the unique_profiles count. The company took the database offline a day after being notified, but researchers stopped short of direct attribution, noting the data may have been scraped from multiple sources.

The leak’s scale and structure make it a prime resource for cybercriminals. With billions of records, attackers can automate highly targeted phishing, CEO fraud, and corporate espionage campaigns. Attackers could also use large language models (LLMs) to generate personalized scams from the data at scale, reducing the effort required to compromise high-value targets, such as Fortune 500 employees. Additionally, the dataset could be enriched with other leaked information, enabling credential-stuffing attacks and more sophisticated social engineering schemes. The incident underscores the growing threat of AI-driven cybercrime fueled by unsecured, mass-collected data.

Source: https://securityaffairs.com/185661/data-breach/experts-found-an-unsecured-16tb-database-containing-4-3b-professional-records.html

TPRM report: https://www.rankiteo.com/company/nexos-ai

"id": "nex1765706674",
"linkid": "nexos-ai",
"type": "Breach",
"date": "11/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Over 700 million professionals '
                                              '(estimated)',
                        'industry': 'Data Brokerage/Lead Generation',
                        'type': 'Lead-generation company (suspected)'}],
 'attack_vector': 'Unsecured Database',
 'customer_advisories': 'Individuals should monitor for phishing attempts, '
                        'unauthorized account access, and identity theft '
                        'risks. Enable multi-factor authentication (MFA) on '
                        'all accounts.',
 'data_breach': {'data_encryption': 'No (unsecured database)',
                 'number_of_records_exposed': '4.3 billion',
                 'personally_identifiable_information': ['Names',
                                                         'Emails',
                                                         'Phone numbers',
                                                         'LinkedIn links',
                                                         'Job roles',
                                                         'Employers',
                                                         'Work history',
                                                         'Education',
                                                         'Locations',
                                                         'Skills',
                                                         'Languages',
                                                         'Social accounts',
                                                         'Image URLs',
                                                         'Apollo IDs'],
                 'sensitivity_of_data': 'High (PII including names, emails, '
                                        'phone numbers, LinkedIn links, job '
                                        'roles, employers, work history, '
                                        'education, locations, skills, '
                                        'languages, and social accounts)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Professional records']},
 'date_detected': '2025-11-23',
 'date_publicly_disclosed': '2025-12-14',
 'date_resolved': '2025-11-25',
 'description': 'An open 16TB database exposed 4.3 billion professional '
                'records, mainly LinkedIn-style data, enabling large-scale '
                'AI-driven social-engineering attacks. The unsecured MongoDB '
                'database was discovered by researcher Bob Diachenko and '
                'nexos.ai on November 23, 2025, and secured two days later. '
                'The dataset contained personally identifiable information '
                '(PII) such as names, emails, phone numbers, LinkedIn links, '
                'job roles, employers, work history, education, locations, '
                'skills, languages, and social accounts.',
 'impact': {'brand_reputation_impact': 'High (potential for misuse of exposed '
                                       'PII)',
            'data_compromised': '4.3 billion professional records',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Potential (regulatory violations due to PII '
                                 'exposure)',
            'operational_impact': 'Potential for large-scale AI-driven '
                                  'attacks, phishing, and social engineering',
            'systems_affected': 'Unsecured MongoDB database'},
 'investigation_status': 'Ongoing (ownership unconfirmed)',
 'lessons_learned': 'Unsecured databases pose significant risks for '
                    'large-scale data exposure, enabling AI-driven attacks and '
                    'social engineering. Organizations must enforce strict '
                    'access controls and monitoring for sensitive datasets.',
 'motivation': 'Unknown (Potential for AI-driven social engineering, phishing, '
               'and corporate reconnaissance)',
 'post_incident_analysis': {'corrective_actions': 'Database secured and taken '
                                                  'offline. Further '
                                                  'investigation needed to '
                                                  'confirm ownership and '
                                                  'prevent recurrence.',
                            'root_causes': 'Misconfigured MongoDB database '
                                           'with no access controls'},
 'recommendations': ['Implement strict access controls for databases '
                     'containing PII',
                     'Regularly audit database configurations for security '
                     'misconfigurations',
                     'Monitor for unauthorized access to sensitive datasets',
                     'Enhance data encryption practices',
                     'Develop and test incident response plans for data '
                     'exposure scenarios'],
 'references': [{'date_accessed': '2025-12-14', 'source': 'SecurityAffairs'},
                {'date_accessed': '2025-12-14', 'source': 'Cybernews'}],
 'regulatory_compliance': {'regulations_violated': ['Potential GDPR violations',
                                                    'Potential CCPA '
                                                    'violations']},
 'response': {'containment_measures': 'Database secured two days after '
                                      'discovery',
              'remediation_measures': 'Database taken offline',
              'third_party_assistance': 'Researchers (Bob Diachenko and '
                                        'nexos.ai)'},
 'stakeholder_advisories': 'Potential for targeted attacks, phishing, and '
                           'AI-driven social engineering. High-risk for '
                           'identity theft and corporate reconnaissance.',
 'title': 'Unsecured 16TB Database Exposes 4.3B Professional Records',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Misconfigured MongoDB Database'}