
The Apollo Breach Included Billions of Data Points - hiby007
https://www.wired.com/story/apollo-breach-linkedin-salesforce-data/
======
uptown
"The sales intelligence firm Apollo sent a notice to its customers last
week disclosing a data breach it suffered over the summer. "On discovery, we
took immediate steps to remediate our systems and confirmed the issue could
not lead to any future unauthorized access," cofounder and CEO Tim Zheng
wrote. "We can appreciate that this situation may cause you concern and
frustration." In fact, the scale and scope of the breach has a lot of people
concerned."

Nice of them to notify their customers, but not the people whose data has been
exposed. "Have I Been Pwned" alerted me.

~~~
IceyEC
I didn't even know who Apollo was until I got that email

~~~
fooey
I still haven't figured out who they are, but my email account that was
compromised was made specifically for Heroku.

Thanks to haveibeenpwned.com for the heads up.

~~~
regecks
The one that I got a hit for was made specifically for New Relic.

Is this some kind of sales platform or what? It's so tiresome to have your
email become the town bike the moment any SaaS gets their hands on it.

~~~
fooey
I had a New Relic account via Heroku, so that's a link for me too.

------
shady-lady
Apollo, formerly known as ZenProspect, YC Winter 2016 class.

Unlikely they're not active on HN. Maybe they could elaborate on how this
happened.

Wonder how hard GDPR fines are going to hit them.

Also only notified by haveibeenpwned.

------
syncerr
Apollo has a page on how to have your data removed. Simply request it by
emailing support@apollo.io or remove@apollo.io.

[https://www.apollo.io/legal](https://www.apollo.io/legal)

~~~
abricot
Too late.

------
wl
My work contact information has been in the Apollo, Exactis, and NetProspex
breaches. I have no idea how my information ever got in these databases. Have
I Been Pwned sent the only notifications I got about these breaches. Does
anyone maintain a list of these services I can preemptively get my information
removed from?

------
jaclaz
I may be missing something, but the net effect of this kind of breach is
seemingly not that (like the case of a data breach of a "single" company user
database) of having "reserved" data (that only the company had and that was
given to it with an expectation in good faith by the user to keep it safe) in
the hands of someone else, it is more like having data that was already
available to _anyone_ for a fee in the hands of someone that didn't pay that
fee.

------
throwawaylolx
Can I check what data Apollo had on me?

~~~
mattlondon
If you are an EU citizen then GDPR should allow you to request it since they
are clearly operating in the EU if you are from the EU and got notified.

Email them and say that you are making a GDPR subject access request. They
have 30 days to respond.

------
raggi
I once ran a social media marketing organization where we were very good about
not scraping data outside of the terms and conditions of the networks we
interacted with.

In so many of these breaches we're seeing cases where these analytics firms
have data scraped from networks that is well in violation of terms - not
mistakenly, but with wanton disregard for data usage policies of those networks.

Why is nothing ever done about that?

~~~
Latteland
We need GDPR in the US.

------
lostmsu
In all these breaches I wonder if the data ends up public. Might serve good to
sciences.

~~~
sushid
It has people's names, phone numbers, job titles, and current places of
employment. I don't see how that level of compromise is good for the sciences.

~~~
lostmsu
With that kind of info you could compute various societal statistics on
occupation. Including, for example, being able to see if any large company has
minorities underrepresented in higher-level positions.

