HQ/EMEAFind out how we can help your business
One of the well-known small-cap financial portals in North America, AllPennyStocks[.]com, has been compromised, according to new findings from iZOOlogic’s dark web team. On September 3, 2024, threat actor “whatisdb” was found selling a database containing sensitive user information from the financial platform on BreachForums, a notorious site for trading stolen data.
AllPennyStocks.com, known for its comprehensive penny stock features and content focused on Canadian and US markets, caters to a wide audience ranging from novice investors to expert traders. The site reportedly has a membership base of approximately 8,000 users, all of whom may have had their data compromised in the breach.
Following the breach, a sample of the compromised data was released by “whatisdb.”
The compromised data sample shared by “whatisdb” includes critical information such as email addresses, passwords, and full names of the site’s members. The discovery was made during a routine manual scan by iZOOlogic researchers on BreachForums, where the threat actor had listed the database for sale. Unlike typical ransomware attacks, there was no demand for payment directly from the victims; instead, “whatisdb” is offering the data to interested buyers through private messages on the forum.
The exact method by which the threat actors obtained access to AllPennyStocks.com’s network remains under investigation. However, the breach is believed to have occurred through vulnerabilities identified during vulnerability assessment and penetration testing (VAPT) techniques.
These findings suggest that the attackers might have exploited weaknesses in the site’s defences, allowing them to exfiltrate user data undetected.
While the full extent of the breach is still being evaluated, it has been confirmed that multiple victims are involved, with Viper Entertainment being identified from the sample data provided by the hacker. The breach raises significant concerns about the security measures in place to protect user data on financial platforms, particularly those catering to niche markets like penny stocks.
The discovery by iZOOlogic’s dark web team underscores the persistent threat posed by cybercriminals who target financial institutions and platforms, exploiting vulnerabilities for profit. As investigations continue, affected users are urged to take immediate precautions, such as changing their passwords and monitoring their accounts for any suspicious activity.
