- A pirate has published a new thread on an underground forum
- They claim to have stolen data on 12 million people from Zacks Investment Research
- Zacks has not yet responded to media requests
Zacks Investment Research, a financial research, action and analysis research company based in Chicago, apparently underwent a cyber attack in which it has lost sensitive data on millions of people.
A report of Bleeping Compompute Cites a thread published on an underground hacking forum which claims to have raped Zacks in June 2024, obtaining sensitive information on 12 million people, including names, user names, email addresses, postal addresses and Telephone numbers.
The wire of the forum contained a small sample and an offer for the entire lot in exchange for a “small amount of cryptocurrency”.
Expose emails
Addressing the attacker, the publication noted that the attacker had access to Active Directory of Zacks as domain administrator, after which they stole the source code of the main site and 16 other assets. Zacks has not yet responded to media requests.
At the same time, I was Pwned ?, A website aggregating the email addresses exposed in data violations, added the new lot, but said that almost all (93%) were exposed during previous attacks.
Zacks has not yet commented on the allegations of a data violation. However, it is not unrelated to cyber-incidents. In December 2022, the company identified unauthorized access to certain customer records. The violation assigned approximately 820,000 customers who had registered in the Zacks Elite product between November 1999 and February 2005. The information on display included names, addresses, telephone numbers, email addresses and passwords ‘An old database.
In June 2023, a database containing personal information of more than 8.8 million users of Zacks emerged on a hacking forum. The data, dated May 2020, included names, addresses, telephone numbers, email addresses, user names and passwords stored in the form of non-salty shachagers.
Via Bleeping Compompute
