Zacks Investment Management

On a cybercrime site, a database containing the private information of more than 8.9 million Zacks Investment Research members was leaked.

The data breach notice service Have I Been Pwned informed Zecks of the archive's accessibility.

Names, addresses, phone numbers, email addresses, usernames, and passwords are all saved in the database entries as unsalted SHA-256 hashes, according to HIBP.

By telling Have I Have Been Pwned that threat actors only had access to encrypted passwords, the company tried to minimize the security violation.

The warning claims that threat actors got access to a database of past Zacks Elite clients who had registered between November 1999 and February 2005.

Source: https://securityaffairs.com/147425/data-breach/zacks-investment-research-data-leak.html

"id": "ZAC73019923",
"linkid": "zacks-investment-management",
"type": "Breach",
"date": "06/2023",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"