Zacks Investment Research reportedly suffered a data breach in 2024, exposing sensitive information from approximately 12 million accounts.
The American investment research firm provides data-driven insights through its proprietary stock assessment tool, ‘Zacks Rank,’ assisting investors in making informed financial decisions.
In late January, a threat actor posted data samples on a hacker forum, claiming the breach occurred in June 2024. The exposed data, available for purchase using cryptocurrency, includes full names, usernames, email addresses, physical addresses, and phone numbers. Despite multiple inquiries from BleepingComputer, Zacks has not responded to confirm the authenticity of the leaked data.
The hacker further claimed to have accessed the company’s active directory as a domain administrator and stolen the source code for Zacks.com and 16 other websites, including internal portals. Samples of the stolen source code were shared as proof of the breach.
The leaked database has now been listed on Have I Been Pwned (HIBP), a platform that allows users to check if their personal information has been compromised. HIBP verified that the database contained 12 million unique email addresses, IP addresses, usernames, physical addresses, phone numbers, and passwords stored as unsalted SHA-256 hashes.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: