Zacks Investment Research allegedly suffered a data breach last year, resulting in the leak of critical information belonging to at least 12 million clients.
The affected company is an American investment research firm that provides data-driven insights to its customers via a unique stock performance assessment tool called ‘Zacks Rank.’ This tool can assist clients in making informed financial decisions.
Last month, a threat actor posted data samples on a dark web hacker site, claiming that a breach at the company in June last year exposed the data of millions of its clients.
The purported exposed data, available to forum users in exchange for a nominal cryptocurrency payment, includes full names, usernames, email addresses, physical addresses, and phone numbers.
Zacks Investment has yet to confirm the legitimacy of the leaker’s claims.
According to reports, Zacks Investment has not verified the veracity of the leak, but the threat actors claimed that they had acquired access to the company’s Active Directory as a domain admin.
The hackers’ unauthorised access allegedly allowed them to steal source code for the company’s main site and 16 additional domains, including some internal ones.
Additionally, the hackers published samples of the source code they had acquired to prove the legitimacy of their latest intrusion.
Meanwhile, the hacked Zacks database was added earlier this week to Have I Been Pwned (HIBP), a service that allows people to see if their personal information has been exposed.
HIBP confirmed that the dataset contained 12 million unique email addresses, IP addresses, names, unsalted SHA-256 hashed passwords, phone numbers, physical addresses, and usernames.
However, HIBP also states that around 93% of the exposed email addresses were already in its database from previous breaches on the same platform or other providers.
Zacks has not addressed the reported breach, but if the data leak is the product of a new hack, it may be the company’s third significant data breach in under four years.
For now, potentially affected customers should be wary of unsolicited messages, as the leaked database contains the information needed to execute phishing attacks.
