Security Affairs

A database containing data of +8.9 million Zacks users was leaked online

A database containing the personal information of more than 8.9 million Zacks Investment Research users was leaked on a cybercrime forum.

A database containing personal information of 8,929,503 Zacks Investment Research users emerged on a popular hacking forum on June 10, 2023.

Zacks is the leading investment research firm focusing on stock research, analysis, and recommendations.

The availability of the archive was reported by the data breach notification service Have I Been Pwned (HIBP), which notified Zacks. According to HIBP, the records in the database contain names, addresses, phone numbers, email addresses, usernames, and passwords stored as unsalted SHA-256 hashes.

The company attempted to downplay the security breach by telling Have I Been Pwned that threat actors only had access to encrypted passwords.
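
An unsalted SHA-256 digest is a fast, deterministic hash rather than encryption, so every account that uses the same password ends up with the same stored value. The sketch below is an added example, not code from Zacks, HIBP or the original article; it contrasts that scheme with a per-user salt and a slow key-derivation function, and the account names, passwords and PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter

PBKDF2_ITERATIONS = 600_000  # assumption: work factor chosen for this example


def unsalted_sha256(password):
    """Storage scheme described in the article: one fast hash, no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_kdf(password, salt=None):
    """Hardened alternative: random per-user salt plus a slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_kdf(password, salt)[1], expected)


def shared_digests(stored):
    """Count records whose stored value also appears on another record."""
    counts = Counter(stored)
    return sum(n for n in counts.values() if n > 1)


# Constructed sample accounts (not taken from the leaked data).
USERS = [("alice", "Summer2020!"), ("bob", "Summer2020!"), ("carol", "x9$Lq-77tz")]


def compare_schemes():
    """Return (shared records under unsalted SHA-256, shared under salted KDF)."""
    weak = [unsalted_sha256(pw) for _, pw in USERS]
    strong = [salted_kdf(pw) for _, pw in USERS]
    return shared_digests(weak), shared_digests(strong)


if __name__ == "__main__":
    weak_shared, strong_shared = compare_schemes()
    print(f"unsalted SHA-256: {weak_shared} records share a stored value")
    print(f"salted PBKDF2:    {strong_shared} records share a stored value")
```

With the unsalted scheme, the two accounts that reuse a password are indistinguishable in storage; with a per-user salt, every stored value is unique and each guess must be recomputed per account at the KDF's cost.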

In January, Zacks Investment Research (Zacks) disclosed a data breach, reporting that the security incident may have affected the personal information of 820,000 customers.

The company discovered the intrusion at the end of 2022 and believes the unauthorized access took place sometime between November 2021 and August 2022.

According to the notice, threat actors had access to an older database of customers who had signed up for the Zacks Elite product between November 1999 and February 2005.

At the time, the company added that it had no evidence that financial data had been exposed due to the security incident.

“In December 2022, the investment research company Zacks announced a data breach. The following month, reports emerged of the incident impacting 820k customers. However, in June 2023, a corpus of data with almost 9M Zacks customers appeared before being broadly circulated on a popular hacking forum. The most recent data was dated May 2020 and included names, usernames, email and physical addresses, phone numbers and passwords stored as unsalted SHA-256 hashes.” reported HIBP. “On disclosure of the larger breach, Zacks advised that in addition to their original report “the unauthorised third parties also gained access to encrypted [sic] passwords of zacks.com customers, but only in the encrypted [sic] format”.”

The company had also reset the passwords of compromised accounts in response to the security breach.

HIBP pointed out that the most recent record in the leaked database is dated May 2020.

Impacted customers should also change the password for all other online accounts for which they used the same credentials as their Zacks account. Customers are also advised to monitor financial accounts and consumer credit reports.

The availability of the database in the cybercrime ecosystem poses a severe risk for the company's users.

Pierluigi Paganini

(SecurityAffairs – hacking, Zacks Investment Research)