The Apollo Breach Included Billions of Data Points (opens in new tab)

(wired.com)

76 pointshiby0077y ago21 comments

21 comments

"The sales intelligence firm firm Apollo sent a notice to its customers last week disclosing a data breach it suffered over the summer. "On discovery, we took immediate steps to remediate our systems and confirmed the issue could not lead to any future unauthorized access," cofounder and CEO Tim Zheng wrote. "We can appreciate that this situation may cause you concern and frustration." In fact, the scale and scope of the breach has a lot of people concerned."

Nice of them to notify their customers, but not the people whose data has been exposed. "Have I Been Pwned" alerted me.

IceyEC7y ago

I didn't even know who Apollo was until I got that email

fooey7y ago

I still haven't figured out who they are, but my email account that was compromised was made specifically for Heroku.

Thanks to haveibeenpwned.com for the heads up.

4 more replies

shady-lady7y ago

Apollo, formerly known as ZenProspect, YC Winter 2016 class.

Unlikely they're not active on HN. Maybe they could elaborate on how this happened.

Wonder how hard GDPR fines are going to hit them.

also only notified by haveibeenpwned

syncerr7y ago

Apollo has a page on how to have your data removed. Simply request it by emailing support@apollo.io or remove@apollo.io.

https://www.apollo.io/legal

abricot7y ago

Too late.

wl7y ago

My work contact information has been in the Apollo, Exactis, and NetProspex breaches. I have no idea how my information ever got in these databases. Have I been pwned sent the only notifications I got about these breaches. Does anyone maintain a list of these services I can preemptively get my information removed from?

jaclaz7y ago

I may be missing something, but the net effect of this kind of breach is seemingly not that (like the case of a data breach of a "single" company user database) of having "reserved" data (that only the company had and that was given to it with an expectation in good faith by the user to keep it safe) in the hands of someone else, it is more like having data that was already available to anyone for a fee in the hands of someone that didn't pay that fee.

throwawaylolx7y ago

Can I check what data Apollo had on me?

mattlondon7y ago

If you are a EU citizen then GDPR should allow you to request it since they are clearly operating in the EU if you are from the EU and got notified.

Email them and say that you are making a GDPR subject access request. They have 30 days to respond.

raggi7y ago

I once ran a social media marketing organization where we were very good about not scraping data outside of the terms and conditions of the networks we interacted with.

In so many of these breaches we're seeing cases where these analytics firms have data scraped from networks that is well in violation of terms - not mistakenly, but wanton disregard for data usage policies of those networks.

Why is nothing ever done about that?

Latteland7y ago

we need gdpr in the us

lostmsu7y ago

In all these breaches I wonder if the data ends up public. Might serve good to sciences.

sushid7y ago

It has peoples names, phone numbers, job titles, and current places of employment. I don't see how that level of compromise is good for the sciences.

lostmsu7y ago

With that kind of info you could compute various societal statistics on occupation. Including, for example, being able to see if any large company has minorities underrepresented in higher-level positions.

j / k navigate · click thread line to collapse

21 comments

uptown7y ago

Nice of them to notify their customers, but not the people whose data has been exposed. "Have I Been Pwned" alerted me.

IceyEC7y ago

I didn't even know who Apollo was until I got that email

fooey7y ago

I still haven't figured out who they are, but my email account that was compromised was made specifically for Heroku.

Thanks to haveibeenpwned.com for the heads up.

4 more replies

shady-lady7y ago

Apollo, formerly known as ZenProspect, YC Winter 2016 class.

Unlikely they're not active on HN. Maybe they could elaborate on how this happened.

Wonder how hard GDPR fines are going to hit them.

also only notified by haveibeenpwned

syncerr7y ago

Apollo has a page on how to have your data removed. Simply request it by emailing support@apollo.io or remove@apollo.io.

https://www.apollo.io/legal

abricot7y ago

Too late.

wl7y ago

jaclaz7y ago

throwawaylolx7y ago

Can I check what data Apollo had on me?

mattlondon7y ago

If you are a EU citizen then GDPR should allow you to request it since they are clearly operating in the EU if you are from the EU and got notified.

Email them and say that you are making a GDPR subject access request. They have 30 days to respond.

raggi7y ago

I once ran a social media marketing organization where we were very good about not scraping data outside of the terms and conditions of the networks we interacted with.

Why is nothing ever done about that?

Latteland7y ago

we need gdpr in the us

lostmsu7y ago

In all these breaches I wonder if the data ends up public. Might serve good to sciences.

sushid7y ago

It has peoples names, phone numbers, job titles, and current places of employment. I don't see how that level of compromise is good for the sciences.

lostmsu7y ago

j / k navigate · click thread line to collapse