
In July 2018, Vinny Troia discovered an open Amazon AWS S3 bucket belonging to the sales intelligence startup Apollo (formerly known as ZenProspect). The S3 bucket contained a database housing 212 million contact records, as well as nine billion data points relating to the users and their companies or organisations.

Vinny kindly supplied Troy Hunt’s Have I Been Pwned service with the 126 million unique email addresses contained within the breach, and the service subsequently alerted the vast majority of the tech community to it. If you haven’t already signed up to Troy’s service, either as an organisation or an individual, now is absolutely the best time to go and fix that.

The Apollo website lists only a handful of customers; however, it is clear from discussions that some well-known names use its services. Breach Insider can confirm that New Relic customer information is included in the breach. We have also heard unconfirmed reports that Plivo and Hired.com customer information is part of the Apollo breach.

How did we confirm New Relic were affected?

During the early days of Breach Insider, we inserted our Insiders into a number of popular startups and websites to catch breaches just like this one.

Sometimes we see data breaches which affect a single business or website, due to a vulnerability or weakness which allowed a hacker to extract a section, or even all, of their database. Alternatively, we see data breaches which affect well-connected third parties who collect huge quantities of sensitive data from multiple companies. It is unlikely that many of us have heard of Apollo, but most of us will almost certainly have heard of their customers, and may even use them in our professional lives.

Why we created Breach Insider

There are a number of answers to that question:

  • We wanted to make data breach detection easy and accessible for all businesses, no matter how big or small your business is.
  • We wanted to keep false positives and alarms to an absolute minimum, to reduce alert fatigue and make our notifications truly actionable.
  • We wanted to be flexible enough that you can apply our detection services to any part of your business. Want to monitor your customer database? Not a problem. Need to keep an eye on your third-parties? We’ve got you covered.

In this scenario, adding an Insider to your New Relic account would have alerted you to the breach.

We can also monitor whether the Apollo data has fallen into the wrong hands, because we can see exactly what activity the accounts are experiencing: are they receiving meaningless spam for medical products, or targeted spearphishing emails?
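One way to make seeded accounts attributable to the service they were planted in, shown as an added example that is not Breach Insider's own code: each canary address carries a keyed tag unique to one vendor, so an address seen in a breach dump or receiving mail points back to that vendor. `SECRET`, `DOMAIN`, the persona name, the function names and the sample sightings are all assumptions constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: secret held only by the defender
DOMAIN = "canary.example"         # assumption: a mail domain the defender controls

def _tag(vendor):
    """Keyed, per-vendor tag; not guessable or forgeable without SECRET."""
    mac = hmac.new(SECRET, vendor.lower().encode(), hashlib.sha256)
    return mac.hexdigest()[:12]

def canary_address(vendor, persona="alex.morgan"):
    """Address to register with exactly one vendor and nowhere else."""
    return f"{persona}.{_tag(vendor)}@{DOMAIN}"

def attribute(address, vendors):
    """Return the vendor a sighted address was seeded into, or None."""
    local, _, domain = address.strip().lower().rpartition("@")
    if domain != DOMAIN:
        return None
    seen = local.rsplit(".", 1)[-1].encode()
    for vendor in vendors:
        if hmac.compare_digest(seen, _tag(vendor).encode()):
            return vendor
    return None  # right domain but wrong tag: a guess or typo, not a leak

def triage(sightings, vendors):
    """Group (source, address) sightings by the vendor that must have leaked."""
    hits = {}
    for source, address in sightings:
        vendor = attribute(address, vendors)
        if vendor is not None:
            hits.setdefault(vendor, set()).add(source)
    return hits

# Constructed sample data: one real vendor name from the page, two placeholders.
VENDORS = ["New Relic", "vendor-b", "vendor-c"]
SIGHTINGS = [
    ("breach-dump", canary_address("New Relic")),
    ("inbound-mail", canary_address("New Relic").upper()),
    ("breach-dump", "someone@elsewhere.example"),
    ("inbound-mail", f"alex.morgan.000000000000@{DOMAIN}"),
]

if __name__ == "__main__":
    for vendor, sources in triage(SIGHTINGS, VENDORS).items():
        print(f"{vendor}: canary seen via {sorted(sources)}")
```

Because the tag is an HMAC rather than a readable label, someone holding the leaked list cannot tell which vendor an address belongs to or mint a valid-looking address for another one.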

Get in touch today if you'd like to quickly and easily add data breach detection to your website or business, or if you need help monitoring your third-party data processors for data leaks which may affect your brand. We would love to hear from you.