Sales engagement startup Apollo, whose database of 200 million contacts across 10 million companies was reportedly hacked, is facing criticism for failing to protect the data it collects. According to TechCrunch, Apollo said its contacts database was stolen in a data breach.
While the company’s website offers no information on the breach, Apollo does admit that, whatever its security practices, it cannot guarantee the protection of the data it collects. “We understand the importance of the security of the information we collect, but we cannot promise that our security measures will eliminate all security risks or avoid any security breaches.”
Infosecurity Magazine contacted Apollo for more details but has not received a response. Bjoern Zinssmeister of Templarbit reportedly gained access to an email sent to affected Apollo customers. The communication acknowledged that the majority of exposed information came from its publicly gathered prospect database. According to TechCrunch, CEO Tim Zheng wrote in Apollo's mandatory email to customers that no additional information is available at this time because the investigation is still ongoing.
Yet content from the email has been made public, and critics say Apollo's security efforts were insufficient. “In an email to affected customers, Apollo said the data breach was discovered weeks after system upgrades in July,” said Zohar Alon, CEO, Dome9. “Apollo is not the first company to have a breach go unresolved for a long period of time, proving organizations do not emphasize security to a high-enough degree.”
Acknowledging that there are security risks that could result in a breach does not go far enough in protecting customer data for a company that boasts a database of 200 million contacts from 10 million companies. “If other organizations want to prevent breaches like the one experienced by Apollo, they must leverage advanced security capabilities built for the cloud,” said Jacob Serpa, product marketing manager, Bitglass.
“They should employ multifactor authentication to verify users' identities more accurately, as well as contextual access control that can flexibly extend data access based on a user's location, device type, and more.”
“The breach of Apollo’s enormous database of 200 million prospective customers and 10 million companies adds to a growing list of companies that compile large amounts of data yet fail to keep it safe,” said Ruchika Mishra, director of products and solutions, Balbix.
“When you are expected to keep prospect, customer, supply chain and other business-critical contact information safe, you must be proactive about your security efforts and try to detect and mitigate cyber risks in your network before they are exploited.”