The breach involved a database stolen from Zacks Investment Research in May 2022.
A previously undisclosed data breach has been revealed by the service “Have I Been Pwned?,” which notifies individuals when their sensitive information is leaked online
The founder of Have I Been Pwned?, Troy Hunt, stated that the stolen database was listed on a hacking forum called Exposed and contained approximately 8.8 million personally identifiable data records.
The compromised database includes email addresses, usernames, unsalted SHA256 passwords, addresses, phone numbers, full names, and other customer data belonging to Zacks. However, credit card information and bank account details were not included. There is currently no evidence that the hackers accessed this type of sensitive financial data.
Data breaches have become a lucrative opportunity for hackers, who sell stolen information on dark web forums or use it for various cyberattacks such as malware attacks, identity theft, and wire fraud.
In some cases, threat actors engage in ransom negotiations, demanding payment in cryptocurrencies like Bitcoin in exchange for deleting the stolen data
Zacks Investment Research, an American company known for publishing research and financial analysis, suffered another data breach between November 2021 and August 2022, where sensitive data on almost one million customers was compromised. In response, the company implemented a mandatory password reset for all users in January 2022. However, it appears that the newly discovered breach occurred before this reset, meaning the compromised accounts were likely not included in the security measure.
Zacks plans to notify all affected customers about the incident, but a timeline for this communication has not been provided yet. Users concerned about their potential exposure can visit the HaveIBeenPwned? website and enter their email address to check if they were affected.
READ ALSO: Wisconsin Republicans Pass Bills Enforcing Stricter Requirements For Unemployment Benefits