Information belonging to more than 66 million individuals was discovered in an unprotected database, within reach of anyone who knew where to look on the web. The records look like scraped data from LinkedIn profiles.
The cache includes personal details that can identify users and could help adversaries create phishing attacks that are more difficult to recognize.
According to Bob Diachenko, Director of Cyber Risk Research at Hacken, the trove was exposed via a MongoDB instance that could be accessed without authentication.
He found 66,147,856 unique records containing full name, personal or professional email address, user's location details, skills, phone number, and employment history. A link to the individual's LinkedIn profile was also present.
Check if your details were exposed
He was unable to determine the owner of the database but says that it is no longer online at the moment. This does not exclude the possibility of it popping up on the web again, though.
The scraped data is currently uploaded to the HaveIBeenPwned service, which allows users to check if their personal information has been exposed.