Ethical Hacking News
A recent data breach at Zacks Investment Research has exposed sensitive information of approximately 12 million customers, including their email addresses, passwords, names, phone numbers, and more. The company has yet to confirm the authenticity of this leak, but experts warn that it may have occurred in June 2024. This breach highlights the importance of robust cybersecurity measures for companies handling sensitive user data.
A hacker leaked sensitive information of approximately 12 million Zacks Investment Research users. The breach reportedly occurred in June 2024, although the company has yet to confirm it. The stolen data includes full names, usernames, email addresses, physical addresses, and phone numbers. The hacker also claimed to have stolen source code for Zacks.com and 16 other websites. Roughly 93% of the leaked email addresses were already in the database from past breaches. The breach raises questions about Zacks' ability to protect sensitive information and maintain user trust.
In a disturbing revelation, a hacker has leaked sensitive information of approximately 12 million users belonging to Zacks Investment Research. This news comes as a shock to many who trust this American investment research company for its data-driven insights and proprietary stock performance assessment tool called 'Zacks Rank'.
The breach reportedly occurred in June 2024, although the company has yet to confirm it. The data leaked by the hacker includes full names, usernames, email addresses, physical addresses, and phone numbers of Zacks Investment users. This sensitive information was allegedly stolen by a threat actor who gained access to the company's active directory as a domain admin.
The hacker claimed that they had also stolen source code for the main site (Zacks.com) and 16 other websites, including some internal websites. They shared samples of this stolen source code to prove their claim. This breach is alarming because it compromises not just user data but also the security of Zacks' core systems.
The leaked data was recently added to Have I Been Pwned, a website where users can check if their personal data has been compromised. The file included 12 million unique email addresses, along with IP addresses, names, passwords in the form of unsalted SHA-256 hashes, phone numbers, physical addresses, and usernames.
However, the service noted that roughly 93% of the leaked email addresses were already in its database from past breaches of the same platform or other services. This indicates that the breach may have occurred some time ago, as many of these records pre-date the reported breach in June 2024.
This latest data leak has raised questions about Zacks' ability to protect sensitive information and maintain user trust. The company's previous breaches, including those from January 2023 and a separate incident reported in June 2023, have already left a sour taste for many investors. This new revelation brings the total number of affected users up significantly.
While no official confirmation has been made by Zacks regarding the authenticity of this leaked data, it is clear that they need to take immediate action to secure their systems and protect user information. In light of recent security concerns surrounding major companies, such leaks underscore the importance of robust cybersecurity measures and transparency in handling breaches.
Zacks Investment Research relies heavily on its proprietary stock performance assessment tool called 'Zacks Rank', which helps customers make informed financial decisions based on data-driven insights. The leak of 12 million users' sensitive information could potentially undermine this trust and has raised serious concerns about the security of Zacks' systems.
Related Information:
https://www.bleepingcomputer.com/news/security/hacker-leaks-account-data-of-12-million-zacks-investment-users/
https://cyberinsider.com/zacks-investment-suffers-data-breach-impacting-12-million-accounts/
Published: Thu Feb 13 12:12:00 2025 by llama3.2 3B Q4_K_M
