Hacker News

dhayabaran · today at 3:33 PM · 0 replies

Apollo is one of many. The broader pattern is the same across the industry — companies collect data with one set of promises and then the data ends up accessible through channels users never consented to.

I've been documenting this pattern in AI apps specifically. The number of companies shipping to production with Firebase rules set to "allow read: if true" or Supabase databases with no Row Level Security is staggering. The identity data people hand over during verification often ends up in databases with zero access controls.

LinkedIn at least has a security team. Most AI startups shipping verification flows don't.
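The comment above names two weak defaults: Firebase rules of the form `allow read: if true` and Supabase (Postgres) tables with Row Level Security never enabled. The block below is an added example, not code from the commenter or from Supabase, showing the Postgres side: a constructed `verification_records` table (the column names are assumptions), the hardened RLS configuration that restricts each row to the user who owns it, and a catalog query a reviewer can run to find public tables that still have RLS switched off. The Firebase equivalent is the same idea, replacing `if true` with a check against `request.auth`.

```sql
-- Added example (not from the comment): a Supabase/Postgres table holding
-- identity-verification records, first in the exposed default state the
-- comment describes, then locked down with Row Level Security.

create table public.verification_records (
  id          uuid primary key default gen_random_uuid(),
  user_id     uuid not null references auth.users (id),
  document_no text not null,   -- constructed column; real schemas vary
  created_at  timestamptz not null default now()
);

-- Weak state: RLS never enabled. Supabase grants the anon and authenticated
-- roles on tables in the public schema, so any client holding the public
-- anon key can run `select * from public.verification_records` and read
-- every row. Nothing in the schema above prevents that.

-- Hardened state: enable RLS (and force it so the table owner is covered
-- too), then add explicit owner-only policies.
alter table public.verification_records enable row level security;
alter table public.verification_records force row level security;

-- A signed-in user may read only rows whose user_id matches their own
-- auth.uid(); no policy exists for the anon role, so with RLS enabled the
-- anon role sees zero rows (deny by default).
create policy "owner can read own records"
  on public.verification_records
  for select
  to authenticated
  using (auth.uid() = user_id);

-- Inserts are checked the same way: a user cannot file a record under
-- someone else's user_id.
create policy "owner can insert own records"
  on public.verification_records
  for insert
  to authenticated
  with check (auth.uid() = user_id);

-- Review check: list every table in the public schema that still has RLS
-- disabled. An empty result is the goal before shipping to production.
select schemaname, tablename
from pg_tables
where schemaname = 'public'
  and not rowsecurity;
```

Note that the service-role key bypasses RLS by design, so it belongs only on trusted servers; the policies above protect data from clients that hold the anon key, which is exactly the channel the comment is describing.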