A database containing the private information of more than 8.9 million Zacks Investment Research members was leaked on a cybercrime site.
The data breach notification service Have I Been Pwned (HIBP) informed Zacks that the archive was available.
According to HIBP, the database entries contain names, addresses, phone numbers, email addresses, usernames, and passwords stored as unsalted SHA-256 hashes.
The company tried to downplay the breach by telling Have I Been Pwned that threat actors only had access to encrypted passwords.
The notice claims that threat actors gained access to a database of past Zacks Elite clients who had registered between November 1999 and February 2005.
Source: https://securityaffairs.com/147425/data-breach/zacks-investment-research-data-leak.html
TPRM report: https://scoringcyber.rankiteo.com/company/zacks-investment-management
"id": "zac73019923",
"linkid": "zacks-investment-management",
"type": "Breach",
"date": "06/2023",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '8.9 million',
                        'industry': 'Investment Research',
                        'name': 'Zacks Investment Research',
                        'type': 'Financial Services'}],
 'data_breach': {'data_encryption': 'Unsalted SHA-256 hashes',
                 'data_exfiltration': True,
                 'number_of_records_exposed': '8.9 million',
                 'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Phone numbers',
                                                         'Email addresses',
                                                         'Usernames'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable Information (PII)',
                                              'Passwords']},
 'description': 'A database containing the private information of more than 8.9 million Zacks Investment Research members was leaked on a cybercrime site.',
 'impact': {'data_compromised': ['Names',
                                 'Addresses',
                                 'Phone numbers',
                                 'Email addresses',
                                 'Usernames',
                                 'Passwords']},
 'references': [{'source': 'Have I Been Pwned'}],
 'title': 'Zacks Investment Research Data Leak',
 'type': 'Data Breach'}