
A cybercriminal claimed to have stolen 15 million data records belonging to Zacks' customers and clients, but further investigation confirmed the actual number to be 12 million.
Zacks is an investment research firm renowned for its “Zacks Ranks,” a daily ranking system that helps stock market enthusiasts and investors evaluate potential portfolio additions on a scale from one to five.
Zacks has faced several data breaches in recent years. In 2023, a database with 8,615,098 records, allegedly from Zacks, surfaced online. The dataset, with its most recent records from May 2020, contains sensitive details such as names, emails, usernames, passwords, phone numbers, addresses, company names, and other personal information.
Breached by @Jurak and @StableFish
Below is a sample of the customers database:
CLUE, HINT, PASSWORD, USERNAME, LAST_NAME, FIRST_NAME, CUSTOMER_ID, DATE_REGISTERED, DATE_UPDATED, DISPLAY_NAME, FIRM_NAME, TIMEZONE_CODE, LAST_PASSWORD_CHANGE
Using the alias Jurak, a cybercriminal has released sensitive information tied to nearly 12 million accounts, reportedly from a breach that took place last year.
Jurak informed BleepingComputer that they had accessed the company’s Active Directory as a domain admin, allowing them to steal source code from the main site (Zacks.com) and 16 other websites, including internal platforms. To validate the breach, they also shared samples of the stolen source code.
(The image used in this blog post was taken from Malwarebytes.com.)