Massive Data Breach Exposes 4.3B Records, Including UK Healthcare
TL;DR
Unsecured Database Exposes Billions of Professional Records
A 16TB MongoDB database was discovered containing approximately 4.3 billion professional records. The database was left unsecured and was only secured after researchers from nexos.ai and researcher Bob Diachenko notified the owner on November 23, 2025. It was secured two days later. It is currently unknown if the database was accessed before it was secured. Cybernews staff analyzed the unsecured database and found nine collections.
The collections included:
- intent – 2,054,410,607 docs (604.76 GB)
- profiles – 1,135,462,992 docs (5.85 TB)
- unique_profiles – 732,412,172 docs (5.63 TB)
- people – 169,061,357 docs (3.95 TB)
- sitemap – 163,765,524 docs (20.22 GB)
- companies – 17,302,088 docs (72.9 GB)
- company_sitemap – 17,301,617 docs (3.76 GB)
- address_cache – 8,126,667 docs (26.78 GB)
- intent_archive – 2,073,723 docs (620 MB)
At least three collections exposed nearly two billion personal records. This exposed data included names, emails, phone numbers, LinkedIn links, job roles, employers, work history, education, locations, skills, languages, and social accounts. The “unique_profiles” dataset alone listed over 732 million records with image URLs. The "people" collection included enrichment metrics and Apollo IDs linked to the Apollo.io ecosystem, with no signs of an Apollo breach. More details on the breach can be found at Security Affairs.
Impact of the Data Leak
According to Cybernews, it is difficult to determine the age of the LinkedIn data. Timestamps show records were collected or updated in 2025, but some data may date back years, including possible scrapes from large LinkedIn leaks claimed by threat actors in 2021. The massive amount of structured data enables targeted attacks, including phishing and CEO fraud, corporate reconnaissance, and large‑scale AI‑driven attacks. With billions of records, criminals can automate personalized scams. This reduces prep time, and allows them to focus on high‑value targets, including Fortune 500 employees. Learn how GrackerAI helps automate cybersecurity marketing.
Cybernews states that, "Large language models (LLMs) are capable of generating personalized messages based on user profile information. With some additional effort, tens of millions of malicious emails can be sent to victims, and it only takes one high-value target for the whole operation to be profitable for the attacker." Read more about the dangers of the leak on Security Affairs.
Healthcare Worker Data Exposed in Logezy Breach
Millions of healthcare worker records in the UK were exposed due to a publicly accessible database. Security researcher Jeremiah Fowler discovered the unprotected database, which contained 7,975,438 files totaling 1.1 TB. The database included work authorization documents, national insurance numbers, certificates, electronic signatures, timesheets, user images, and government-issued identification documents. TechRadar reported on the breach.
The database contained 656 directory entries indicating different companies, primarily healthcare providers, recruiting agencies, and temporary employment services. Fowler determined that the database belonged to Logezy — an employee management and tracking software company. Logezy secured the database after notification. SC Media UK also covered the story.
Risks and Implications
The exposed data is valuable for fraud, including wire fraud, payment scams, and identity theft. If you have used Logezy in the past, monitor your accounts and credit reports for suspicious activity. GrackerAI offers solutions to help monitor and protect your brand from such threats.
These instances are considered a low-hanging fruit for cybercriminals. Stealing this information does not require phishing, social engineering, hunting for zero-day vulnerabilities, or exploiting unpatched endpoints. Automate your cybersecurity marketing with GrackerAI: daily news, SEO-optimized blogs, AI copilot, newsletters & more. Start your FREE trial today!
