Information belonging to more than 66 million individuals was discovered in an unprotected database, within anyone's reach, if they knew where to look on the web. The records look like scraped data from LinkedIn profiles.
The cache includes personal details that can identify users and could help adversaries create phishing attacks that are more difficult to recognize.
According to Bob Diachenko, Director of Cyber Risk Research at Hacken, the trove was exposed via a MongoDB instance that could be accessed without authentication.
He found 66,147,856 unique records containing full name, personal or professional email address, user's location details skills, phone number, and employment history. A link to the individual's LinkedIn profile was also present.