News of stolen data online is nothing new: it has been happening ever since users started connecting to the web and data leaks are actually a major issue in cybersecurity.

Recently, a user on a popular hacking platform claimed to possess 11 million French user records stolen from Apollo, a US-based digital marketing agency. The records have allegedly been put up for sale online and this puts the Apollo users as well as their employers at risk of phishing and cybersecurity attacks. The records include facets of information (mostly professional) about 10,930,000 French users whose data includes their full names, personal and professional email addresses, location coordinates of users and employers, social media profiles, phone numbers, workplace information including current and past employment positions, LinkedIn profiles, and more.

The hacker did not specify how they infiltrated Apollo’s database or whether they are in possession of just the French records or also data from a previous data breach at Apollo. 

Apollo is a digital marketing platform and software company that helps businesses identify and analyze new prospects for marketing purposes. The company is based in San Francisco and according to them, regular security audits and intrusion detection is conducted online to ensure maximum security. But back in 2018, threat actors had breached a database containing 200 million user records. When asked whether they could confirm the breach, Apollo had no comment ro make.

This security leak and exposure of sensitive information means that the data can be used in a variety of ways against the users and their employers:

• Conducting phishing attacks.
• Spamming the 11 million emails and phone numbers that were stolen.
• Brute-forcing passwords of LinkedIn profiles and email addresses.
• Attempting to break into professional email addresses in order to sabotage the corporate networks of users and their employers.

While the data does not seem to contain deeply sensitive information like social security numbers or credit card details, even email addresses are enough for a threat actor to wreak major havoc. Hackers who are particularly adept and determined can manage to combine information from stolen data from other platforms and breacges to put together a more comprehensive profile of victims – social engineering attacks, phishing, and even identity theft can come into play here.

If you happen to be in France and you are afraid that your data might be one of those that was stolen, here are a few steps you can take:

• Change the passwords to your personal and professional email addresses and LinkedIn account.
• Visit Apollo’s personal data removal page and submit an application to have your data or profile removed.
• Enable two-factor authentication (2FA) on all your online accounts.
• Don’t click on anything suspicious on the internet or in your email and don’t respond to anyone you don’t know.
• Beware of phishing emails.
• Use a password manager to create strong passwords for your accounts and secure them safely.

Remember, your security is important and your data is personal and no unauthorised person has the right to access it.