Dark Web Informer - Cyber Threat Intelligence

A Threat Actor Claims to have Leaked the Data of Zacks Investment Research

QUICK FACTS
🔗 DarkWebInformer.com - Cyber Threat Intelligence
📅 Date: 2025-01-25 01:44:07
🚨 Title: Alleged Source Code and Database Sale of Zacks Investment Research
🛡️ Victim Country: USA
🏭 Victim Industry: Financial Services
🏢 Victim Organization: Zacks Investment Research
🌐 Victim Site: zacks.com
📜 Category: Data Breach
🔗 Claim: http://breached26tezcofqla4adzyn22notfqwcac7gpbrleg4usehljwkgqd.onion/Thread-DATABASE-Zacks-com-Breach
🕵️‍♂️ Threat Actor: Jurak
🌍 Network: Openweb


WhiteIntel.io Data Leak Information

Country: Unknown Credentials: 19,618
Country: BR Credentials: 7,881
Country: US Credentials: 7,510
Country: ID Credentials: 6,538
Country: IN Credentials: 6,141
Country: TR Credentials: 4,537
Country: EG Credentials: 3,506

Description

The threat actor Jurak, in collaboration with StableFish, has claimed responsibility for breaching Zacks Investment Research. The breach reportedly occurred in June 2024 and involves the following compromised assets:

Key Details:

  • Source Code: Claimed to be included in the breach, though specifics on the repository remain undisclosed.
  • Database Information:
    • Volume: 15 million lines of customer and client data.
    • Sample Content: Usernames, passwords, customer IDs, first and last names, email addresses, time zone codes, last password changes, and more.
    • Structure: The data is organized into 13 tables.
  • Availability: The threat actor invites interested buyers with high reputation scores to contact them for the source code.

This marks the second major breach of Zacks Investment Research, following an earlier attack in 2020.


Implications

For Zacks Investment Research:

  • Operational Risks: Exposure of source code could enable further exploitation of vulnerabilities.
  • Reputation Damage: A second breach could erode client trust in Zacks’ ability to safeguard their data.
  • Regulatory Breach: The incident may result in violations of SEC regulations and other data privacy laws, leading to fines.

For Affected Customers and Clients:

  • Identity Theft: Exposure of PII (personally identifiable information) may lead to fraudulent activities.
  • Credential Exploitation: Leaked usernames and passwords could enable account takeovers.
  • Privacy Concerns: Unauthorized access to financial records could expose sensitive investment information.

Recommendations

For Zacks Investment Research:

  • Incident Response:
    • Confirm and assess the extent of the breach.
    • Notify affected clients and regulatory authorities promptly.
    • Rotate credentials and API keys across affected systems.
  • Preventative Measures:
    • Employ enhanced encryption for sensitive data and source code repositories.
    • Conduct regular penetration testing and implement robust access controls.
    • Improve employee awareness of phishing and other cybersecurity threats.

For Customers and Clients:

  • Account Security:
    • Change passwords associated with Zacks and enable two-factor authentication (2FA).
  • Fraud Monitoring:
    • Monitor bank accounts and investment platforms for suspicious activity.
  • Vigilance Against Phishing:
    • Be cautious of unsolicited communications requesting sensitive information.

Stay tuned to DarkWebInformer.com for updates on this and other cyber threat incidents.
