Apollo 2018 Data Breach

Apollo.io Sales Intelligence Platform Breach: 92M Professional Profiles Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

MisconfigurationData BrokerEmail AddressEmployerFull NameGeographic LocationJob InformationPhone NumberSalutationSocial Media Profile
Low SeverityWebsite / service breach

Apollo.io Sales Intelligence Platform Breach: 92M Professional Profiles Exposed

Sales intelligence and engagement platform.

Verified by ObscureIQ Intelligence
34/100Breach Risk Index
10Data Value
25Market Recency
512dSince Breach

Breach Intelligence Summary

Entity: Apollo · Actor: Unknown · Sources: 7 references
Attack: Misconfiguration
Profile: Data Broker · B2B contact and company data aggregation · Sales intelligence platform and lead data provider · USA
Timeline: Breach (2018-07-23) · Indexed (Dec 01, 2024) · Year (2018)
Exposure: 92.4M records · 8 fields: Email Address, Employer, Full Name, Geographic Location, Job Information, Phone Number, Salutation, Social Media Profile
Status: Confirmed

Executive Summary

Apollo.io, a sales intelligence and engagement platform, left a database containing billions of data points publicly exposed without a password in July 2018. Security researcher Vinny Troia discovered the unsecured database and sent a subset of the data, containing nearly 126 million unique email addresses, to the breach notification service Have I Been Pwned. The exposure affected 92.4 million records in total and stemmed from a misconfiguration rather than an external attack. The exposed data included names, email addresses, phone numbers, employers, job titles, geographic locations, salutations, and social media profiles. Apollo confirmed that passwords, Social Security numbers, and financial data were not included. Even so, the exposed dataset is highly structured and detailed, making it well-suited for spearphishing, business email impersonation, and executive targeting. Many affected individuals never directly interacted with Apollo; their information was held as part of the platform's broader B2B contact database. No major regulatory action or litigation was publicly reported in connection with this breach. Apollo notified affected parties and maintained that the exposure was limited to non-sensitive professional data. For affected individuals, the practical risk remains: their professional profiles, contact details, and organizational affiliations are now part of a known, circulated dataset that can be used to craft highly convincing fraudulent communications.

ObscureIQ assessment: High risk because the data is already structured for targeting. Exposure enables spearphishing, executive targeting, business impersonation, and BEC-style attacks at scale.

Breach Impact

The 2018 Apollo breach exposed the concentrated risk of B2B sales-intelligence platforms by leaving a vast broker-style contact corpus publicly accessible without a password. HIBP says the exposed dataset contained 125.9 million unique email addresses and included names, employers, geographic locations, job titles, phone numbers, salutations, and social media profiles, making it highly useful for phishing, business email compromise pretexting, executive targeting, enrichment, and large-scale corporate identity mapping. Apollo publicly maintained that the exposed data did not include passwords, Social Security numbers, or financial data, but that did little to reduce the operational value of the dataset for targeted abuse.

About Apollo

Apollo.io is a sales-intelligence and engagement platform that combines business contact data, company records, prospecting tools, sequencing, and workflow automation for go-to-market teams. Its public positioning centers on giving sales and marketing users access to a very large B2B contact graph and the tooling to search, enrich, engage, and convert against it.

Why They Hold Your Data

Sales-intelligence platforms aggregate business contact records, company profiles, job titles, emails, phone numbers, and employer-linked identifiers across lead-generation and outbound-sales workflows.

Recent Developments

Apollo remains an active and growing GTM software company with a clear AI-first expansion strategy. Its 2025 product updates emphasized AI-generated summaries, mobile workflows, and expanded calling and extension features, and in March 2026 the company announced its acquisition of Pocus as part of a broader push to build an AI-native operating system for revenue teams.

Data Points Exposed

8 verified field types
Email Address
Employer
Full Name High
Geographic Location
Job Information
Phone Number
Salutation
Social Media Profile

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
  • Employment-based social engineering using job and employer data
  • Social media account targeting and impersonation
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Business Email Compromise seeding
  • Name-based social engineering
  • Pattern-of-life analysis & physical surveillance
  • Vishing & authority impersonation
  • SIM swapping, vishing & SMS phishing
  • Professional impersonation seeding
  • Account impersonation & social graph harvesting

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Apollo breach?

Apollo.io, a sales intelligence and engagement platform, left a database containing billions of data points publicly exposed without a password in July 2018. Security researcher Vinny Troia discovered the unsecured database and sent a subset of the data, containing nearly 126 million unique email…

What data was exposed?

Verified fields include Email Address, Employer, Full Name, Geographic Location, Job Information, Phone Number, Salutation, Social Media Profile.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
Breach Index
Have I Been Pwned
Record & field corroboration
Cross-source
9ghz
Independent catalogue listing
Cross-source
BreachForums_Official_Index
Independent catalogue listing
Cross-source
Dehashed
Independent catalogue listing
Cross-source
LeakCheck.io
Independent catalogue listing
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation