/
.webp)
Deep-Dive Company Biography | Research-Backed | For LinkedIn Content
The phone call Tim Zheng dreaded most came on a Monday.
A security researcher named Vinny Troia had found something sitting wide open on the internet: a 2.1-terabyte archive stored on an Amazon S3 bucket with no password, no authentication, no lock of any kind. It contained over 200 million business contact records — names, business emails, phone numbers, LinkedIn profiles, employment histories, company affiliations. Three years of scraping. Every major social network in the pile. The entire inventory of a company whose entire product was trust.
The company was Apollo. And it was Tim Zheng's.
TechCrunch published at 9 a.m. Pacific. The headline read: "Sales engagement startup Apollo says its massive contacts database was stolen in a data breach." By noon, HaveIBeenPwned had the entry ready. By evening, LinkedIn's security team was publicly confirming the exposure. ZoomInfo's sales team was presumably already drafting competitive displacement email sequences.
In the sales intelligence business, you have exactly one asset: the promise that the data you hold is yours to hold. That you can be trusted with contact records, with CRM access, with pipeline information. That the information won't end up on a public server somewhere for anyone to download.
Apollo had just shattered that promise at a scale the industry had never seen.
Every rational observer in October 2018 would have written the same prediction: this company does not survive the year.
They were wrong.
Tim Zheng did not come from sales. He did not come from data. He came from education.
Before Apollo existed, before ZenProspect existed, Zheng was building BrainGenie — a math and science adaptive practice platform for students. The premise was solid. The product was functional. The go-to-market was the problem.
Selling to schools means selling to curriculum directors and district procurement managers and department heads buried inside institutional bureaucracies. These people are real. They have budgets. They make decisions. But finding them, knowing their names, reaching them directly — in 2013, that meant either paying ZoomInfo $9,000 a year for a contract built for Fortune 500 enterprise sales teams, or stitching together useless free tools that gave you company names but not the person you actually needed to reach.
Zheng built his own tools. Not because he wanted to. Because the alternative was not being able to sell his own product.
He scraped LinkedIn. He cross-referenced company websites. He pulled from AngelList and Twitter and Yelp. He built pipelines to validate and deduplicate and enrich. By the time he had a working prospecting system, he realized a quiet, obvious thing: the tooling he'd built to sell BrainGenie was more interesting than BrainGenie.
He wasn't alone in noticing. The entire class of startup founders trying to sell B2B software in 2014 had the same problem — a $9,000/year paywall for sales data that should cost a fraction of that. ZoomInfo had built for enterprise. LinkedIn Sales Navigator had built for individual reps, but locked the data in LinkedIn's walls. The middle — startups, SMBs, growth-stage companies — was unserved.
That gap was the founding thesis.
The company Zheng founded in 2015 was not called Apollo. It was called ZenProspect.
The name was aspirational — it gestured at making prospecting zen, effortless, calm. ZenProspect would scrape the public web, aggregate contact information, and surface the right person at the right company at a price startups could actually pay. Where ZoomInfo charged enterprise minimums, ZenProspect would charge starter rates. Where LinkedIn locked data inside LinkedIn, ZenProspect would pull it out into a usable format.
The early product was lean. A search interface. A database. Export to CSV. It worked well enough to attract early customers and eventually a YC application.
Apollo went through Y Combinator's Winter 2016 batch — a stamp of legitimacy in the infrastructure layer of B2B sales that confirmed the market was real and the timing was right. The YC network accelerated early enterprise connections and forced the team to sharpen the core thesis.
The rebrand from ZenProspect to Apollo happened as the product expanded. ZenProspect was a prospecting tool. Apollo was building something larger — a full-stack sales engagement platform where the database was the foundation, not the product. Sequences. Dialer. Analytics. CRM integration. The name needed to match the ambition.
There was also, reportedly, a practical issue: other companies had the ZenProspect name or something close enough to create confusion in a crowded market. Apollo was cleaner, bigger, more memorable. The god of reason and light. An appropriate choice, in retrospect, for a company that would later need to project trust after becoming infamous for the opposite.
CTO Ray Li co-founded Apollo with Zheng. The founding team's technical challenge was not the user interface or the sales workflow. It was the core data engineering problem: how do you build and maintain a contact database of 200 million people that stays accurate?
Contact data rots fast. People change jobs. Emails bounce. Phone numbers get recycled. LinkedIn profiles go stale. The conventional approach — scrape once, license the database, update periodically — produces data that's 30% stale by the time you use it.
Li's team built continuous crawling pipelines. They pulled from LinkedIn, Facebook, Twitter, AngelList, Salesforce integrations, Yelp, company websites. They ran validation passes. They deduplicated at scale. By 2018, the database held more than 200 million contact records spanning approximately 10 million companies — a genuinely impressive technical achievement.
It was also, in the wrong hands, a genuinely catastrophic liability.
The Apollo breach is often described in shorthand as a "hack." It wasn't. No external attacker penetrated Apollo's infrastructure. No sophisticated intrusion. No exploit chain.
Apollo's engineers had stored a copy of the database on an Amazon S3 bucket configured for public access. No password. No authentication. The data was simply there — accessible to anyone who knew the URL. Vinny Troia, a security researcher at Night Lion Security, found it. He notified Apollo and TechCrunch simultaneously.
The specific data exposed: names, business email addresses, phone numbers, LinkedIn profile URLs, employment history, company affiliations, business social media profiles. Not financial data. Not passwords. But the full commercial identity record of over 200 million people — assembled without any of their knowledge or consent.
Troy Hunt added Apollo to HaveIBeenPwned on October 5, 2018, listing the breach date as July 2018. This is the detail that rarely makes it into the standard retelling: the data sat exposed for approximately three months before anyone surfaced it publicly. Three months during which any party with the URL could download 2.1 terabytes of B2B intelligence without alerting a single system.
The scale in HaveIBeenPwned: 125.9 million individual accounts registered in the breach entry.
Underneath the security failure was a more fundamental question, and it was the question that threatened to take down not just Apollo but the entire sales intelligence industry.
None of the 200 million people in Apollo's database had ever agreed to be in Apollo's database.
They had posted their profiles on LinkedIn. They had listed their company on AngelList. They had shared their email on a conference speaker page. They had no idea that a sales intelligence company had aggregated all of that, deduplicated it, enriched it, packaged it, and sold access to it to thousands of sales teams.
The breach made this visible in a way that was impossible to ignore. LinkedIn's security team confirmed publicly: "A third-party sales intelligence company was compromised and exposed a large set of data aggregated from a number of social networks." LinkedIn sent cease-and-desist letters. Privacy advocates cited Apollo as exhibit A for everything wrong with the B2B data industry. The FTC paid attention.
Apollo held the bag. But the charge being leveled — that aggregating people's professional data without consent and monetizing it was ethically problematic — applied to ZoomInfo, to Lusha, to Hunter, to the entire category. Apollo was the company that got caught, in the most spectacular and public way possible, doing what everybody in the industry was doing.
Tim Zheng had options. Most companies in this position choose one of two paths: minimize the scope while the lawyers negotiate, or pivot to a completely different product and hope the market forgets.
Zheng chose a third path: full transparency, immediate ownership, and a serious structural rebuild.
The public response acknowledged the exposure. It didn't minimize the number. It took responsibility for the misconfiguration rather than pointing at external actors. It committed to notifying affected parties. And it announced something more substantive than a PR patch: a full security and compliance rebuild, starting with GDPR.
This was a bet that ran directly counter to instinct. GDPR was the EU's data protection framework — explicitly designed to give people control over their data, including the right to opt out of having it held by third parties. For a company whose business model was holding people's data without their knowledge, GDPR compliance was not a comfortable destination. It meant potentially having to delete records, honor removal requests, and build infrastructure that slowed down the core data machine.
Apollo chose to make that bet seriously rather than superficially. The alternative was becoming the company that treated GDPR as a checkbox while continuing the practices that caused the breach. The market would eventually notice.
What happened after October 2018 at Apollo was unglamorous. There was no viral pivot. No product launch that changed the narrative. Just operational execution: rebuild the security stack, invest in compliance, maintain customers who hadn't left, and keep the data engine running.
By November 2021 — three years after the breach — Apollo raised a $32M Series B. The disclosure in that announcement contained something remarkable: the company had been profitable for 18 consecutive months. Revenue had tripled in the preceding year. They had 9,000 paying customers.
Eighteen months of profitability before a growth round. In a SaaS landscape where VC-backed companies routinely burn $2 for every $1 of revenue, Apollo had been generating more than it spent. The breach hadn't just failed to kill them. The operational discipline required to survive it — to convince customers to stay without the luxury of outspending competitors on marketing — had made them financially sound in a way their better-funded rivals weren't.
Post-breach, Apollo made a strategic choice that looks obvious in retrospect but was genuinely risky in 2019: make the product free to use.
Not a 14-day trial. Not a feature-limited demo. A permanent free tier with real credits, real contacts, real access to most of the platform's core features.
ZoomInfo's entry-level commitment: approximately $9,000 per year, paid annually, upfront, with a contract.
Apollo's entry price: $0.
The economics of this freemium model are not straightforward charity. Every free user who uses Apollo's search interface, exports contacts, sends emails, logs call outcomes, and receives bounced messages is generating a signal. That signal — what emails still work, which people have changed jobs, which records are stale — feeds back into the database. The free tier is, simultaneously, a trust-building mechanism and a data validation engine.
The 1 million salespeople using Apollo's free tier are continuously correcting 250 million records. Every bounce validates a stale email. Every successful send confirms a live one. Every job change flag updates an employment record. The database gets more accurate as the user base grows.
ZoomInfo cannot replicate this flywheel. Their pricing model — high ACV, enterprise-locked — means the majority of sales professionals never touch their interface. Their data validation depends on their own internal processes and acquired data sets. Apollo has a crowd-sourced quality signal that compounds with scale in a way no enterprise pricing model can match.
The viral mechanism that drove Apollo's growth from 2020 to 2023 was not advertising. It was product placement in the daily workflows of sales professionals.
A salesperson at a Series A startup uses Apollo's free tier. It works. The startup scales to Series B, hires a sales team, upgrades to Apollo Professional. The new VP of Sales brings Apollo to their next company. The SDR who learned Apollo at their first job brings it to the next three companies they work at. The Slack channels and Reddit threads for sales ops start treating Apollo as the default answer to "what data tool should I use."
This is the community-led growth flywheel that marketing decks often describe but few companies actually achieve. It depends on the free tier being genuinely useful — not a teaser, but a working tool. Apollo's free credits and features were designed to clear that bar.
By August 2023, when Apollo closed its $100M Series D at a $1.6 billion valuation led by Bain Capital Ventures, the company had crossed into what the SaaS industry calls "centaur" territory — $100M ARR. By 2025, they announced $150M ARR with a target of $200M and an ambition of $500M.
The company that was supposed to be dead in October 2018 had become a unicorn.
The $100M ARR milestone matters for reasons beyond the number. It marks the point at which Apollo could credibly claim to be a peer of ZoomInfo in the market's imagination — not just a cheaper alternative, but a different, complete product.
The Series D announcement in August 2023 carried the metrics of a company in full flight: 16,000+ paying customers, one million users, a database that had grown to 250 million contacts across 60 million companies. Sequoia, Tribe Capital, NewView Capital, Nexus Venture Partners, and Y Combinator were already in the cap table. Bain Capital Ventures led the new round.
The term "full-stack sales platform" sounds like marketing language. For Apollo, it reflects a specific technical and competitive choice.
The sales intelligence market had been structurally fragmented for a decade. ZoomInfo provided data. Outreach and Salesloft provided email sequencing and call automation. LinkedIn Sales Navigator provided profile data, locked inside LinkedIn's walls. CRMs like Salesforce and HubSpot sat in the middle logging outcomes. Every sales team needed four or five tools to run outbound. Data from ZoomInfo had to be exported to CSV, uploaded to Outreach, logged back to Salesforce, checked against LinkedIn.
Apollo built the full stack in one product:
- 250M contacts, 60M companies, 65+ filter dimensions
- Email sequences with inbox rotation and deliverability optimization
- Built-in calling with automatic dialer
- LinkedIn automation via Chrome extension
- Intent data and buying signal tracking
- Job change alerts triggering re-engagement workflows
- Native CRM sync (Salesforce, HubSpot, Pipedrive)
- AI-powered workflow automation for the full sequence
The integration is the product. Not just the data, not just the sequencer — the elimination of the handoff between them. A sales rep using Apollo doesn't need to context-switch between four tabs. The researcher, the outreach tool, and the logger are one system.
ZoomInfo's stock price has not been kind to them since 2022. After a peak market cap near $22 billion in 2021, their valuation contracted sharply as the sales intelligence market crowded and Apollo's free tier continued to convert mid-market and SMB customers at scale.
The competitive dynamics between Apollo and ZoomInfo come down to market tier and business model:
| Dimension | Apollo | ZoomInfo |
|---|---|---|
| Entry price | $0 free tier | ~$9,000/year minimum |
| Database size | 250M contacts | 174M+ emails |
| Engagement | Built-in | Separate (Engage product) |
| Target market | SMB to Enterprise | Enterprise primary |
| GDPR | Compliant | Fined €600K (Ireland DPC, 2023) |
ZoomInfo received a $600,000 fine from Ireland's Data Protection Commission in 2023 for data aggregation practices that mirrored exactly what Apollo was pilloried for in 2018. Apollo's early compliance investment — made under duress, after a catastrophic breach — created a five-year compliance head start in the European market.
The irony is architectural. The breach forced Apollo to take GDPR seriously when nobody else did. That seriousness became a competitive advantage in the one market where ZoomInfo struggled most.
In early 2026, after eleven years as CEO, Tim Zheng stepped down and handed the role to Matt Curl — his former COO, who had been operating as de facto CEO for the preceding year.
Zheng's own framing was disarmingly honest: "Matt has effectively been the de facto CEO for the past year. Now the title matches the reality."
He moved to Board Chair and active advisor. The company was at $200M ARR scale, pushing toward $500M. The founding phase — building the product, surviving the breach, finding product-market fit, achieving the first centaur milestone — was done. What comes next is execution at scale, enterprise expansion, and the AI product transformation.
Zheng built the company that deserved to fail. He also built the one that didn't. That, more than the funding rounds, is the biography.
1. The breach exposed data that was never Apollo's to lose.
The 200 million contacts Apollo exposed in 2018 were scraped from public sources — LinkedIn, Facebook, Twitter, AngelList. Not a single one of those 200 million people ever consented to being in Apollo's database. They never signed up for Apollo. They never agreed to have their professional identity sold to sales teams. The breach made visible what the entire sales intelligence industry was doing: building commercial products on data that wasn't theirs. Apollo took the blame. The category took the philosophical wound.
2. The data sat exposed for three months before anyone noticed.
HaveIBeenPwned lists the Apollo breach date as July 2018. TechCrunch published on October 1. That is roughly 90 days during which the unsecured Amazon S3 bucket with 2.1 terabytes of business intelligence was accessible to anyone who found the URL. Who else found it before Vinny Troia did? That question was never formally answered.
3. The ZenProspect name change was about product scope, not just branding.
ZenProspect was named for prospecting — finding the right contact and reaching them. Apollo was named for something larger. The rebrand reflected a deliberate product decision: this was not going to be a contact database with a search interface. It was going to be the entire sales motion in one platform. The name change signaled the pivot before the product shipped it.
4. Apollo was profitable for 18 months before taking growth capital.
When Apollo raised its $32M Series B in November 2021 at $24M ARR, the filing disclosed 18 consecutive months of profitability. Most SaaS companies at that stage are burning hard toward growth, subsidized by VC capital. Apollo's profitability was not strategic generosity — it was a survival artifact. Having nearly died in 2018, they couldn't afford to lose money. The discipline that came from the breach became structural. By the time growth capital was available, they didn't need it to survive. They used it to accelerate what was already working.
5. The free tier is a data quality machine, not just a distribution play.
Apollo's free tier is usually analyzed as a growth mechanism: acquire users, convert some to paid, viral adoption through sales org networks. That analysis is correct but incomplete. Every free user interaction — email sent, bounce logged, phone number dialed, job change noted — generates a signal that feeds back into the accuracy of 250 million records. The free tier is simultaneously a go-to-market strategy and a data validation infrastructure. ZoomInfo's enterprise pricing model means the majority of sales professionals never touch their interface. Apollo's community of one million users is continuously doing what ZoomInfo pays data teams to do: validating and refreshing the database. The bigger the free user base, the better the data. The better the data, the more attractive the product. The more attractive the product, the bigger the free user base. This is the loop that ZoomInfo cannot replicate without abandoning the business model that made them a $22 billion company.
| Metric | Value |
|---|---|
| Founded | 2015 (as ZenProspect) |
| YC Batch | Winter 2016 |
| Breach date | July 2018 (public: October 1, 2018) |
| Data exposed | 200M+ contacts, 2.1 TB |
| HIBP entry | 125.9M accounts |
| Months of exposure before disclosure | ~3 months |
| Months of profitability before Series B | 18 |
| Series B | $32M (November 2021) |
| Series C | $110M (March 2022) |
| Series D | $100M at $1.6B (August 2023) |
| Total raised | ~$251M |
| ARR (2023) | ~$96M |
| ARR (2025) | $150M+ |
| ARR target (CEO transition) | $500M |
| Paying customers (2025) | ~100,000 |
| Free tier users | 1M+ |
| Database size | 250M contacts, 60M companies |
| ZoomInfo GDPR fine | €600,000 (Ireland DPC, 2023) |
| Apollo entry price | $0 (free tier) |
| ZoomInfo entry price | ~$9,000/year |
Research conducted March 12, 2026.
