An unsecured 16TB MongoDB database exposed over 4.3 billion professional records, including sensitive personal information and LinkedIn data, facilitating social-engineering attacks. The exposure was discovered by researchers Bob Diachenko and nexos.ai, and the database was secured shortly after; the dataset may have been used for malicious purposes.
Key points
- A 16TB unsecured MongoDB database exposed billions of professional records in 2025.
- The dataset included personal details such as names, emails, phone numbers, and LinkedIn links.
- Researchers identified nine collections, with at least three containing personally identifiable information (PII).
- The source of the leak remains unconfirmed but is possibly linked to a lead-generation company or scraping activity.
- The exposed data poses a significant threat for targeted AI-driven social engineering, phishing, and corporate reconnaissance attacks.