Zacks Pwned And The Amount Of People Affected Is HUGE

Zacks Investment Research (Zacks) has been the victim of an older, previously undisclosed data breach impacting 8.8 million customers. The details are on HaveIBeenPwned:

In December 2022, the investment research company Zacks announced a data breach. The following month, reports emerged of the incident impacting 820k customers. However, in June 2023, a corpus of data with almost 9M Zacks customers appeared before being broadly circulated on a popular hacking forum. The most recent data was dated May 2020 and included names, usernames, email and physical addresses, phone numbers and passwords stored as unsalted SHA-256 hashes. On disclosure of the larger breach, Zacks advised that in addition to their original report “the unauthorised third parties also gained access to encrypted [sic] passwords of zacks.com customers, but only in the encrypted [sic] format”.
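The storage format HaveIBeenPwned describes above, unsalted SHA-256, is what Zacks called "encrypted". The following is an added illustration (not code from the original post or from Zacks) of why that format matters to defenders: because there is no salt, two accounts with the same password get the same digest, so a leaked table reveals password reuse on its own, and a single precomputed table works against every account. The salted, slow alternative shown alongside uses PBKDF2 from the Python standard library; the account data is constructed for the example.

```python
import hashlib
import hmac
import os
from collections import Counter
from typing import Dict, Optional, Tuple

# Constructed sample accounts (hypothetical, not data from the Zacks breach).
# Two of the three users chose the same password.
ACCOUNTS = {
    "alice": "Summer2020!",
    "bob": "Summer2020!",
    "carol": "correct horse battery staple",
}


def unsalted_sha256(password: str) -> str:
    """The format reported for the leaked Zacks data: one fast, unsalted hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def duplicate_hash_groups(hashes: Dict[str, str]) -> int:
    """Count digest values shared by more than one account.

    With an unsalted hash, equal passwords give equal digests, so a leaked
    table exposes reuse (and works with precomputed tables) without any
    password ever being recovered."""
    return sum(1 for n in Counter(hashes.values()).values() if n > 1)


def hash_salted(password: str, salt: Optional[bytes] = None,
                iterations: int = 600_000) -> Tuple[bytes, bytes]:
    """Salted, deliberately slow hashing with PBKDF2-HMAC-SHA256.

    A fresh 16-byte random salt per account means equal passwords no longer
    collide, and the iteration count makes each guess expensive."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes,
                  iterations: int = 600_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_salted(password, salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    unsalted = {u: unsalted_sha256(p) for u, p in ACCOUNTS.items()}
    salted = {u: hash_salted(p, iterations=10_000)[1].hex() for u, p in ACCOUNTS.items()}
    print("shared digests, unsalted SHA-256:", duplicate_hash_groups(unsalted))  # 1
    print("shared digests, salted PBKDF2:  ", duplicate_hash_groups(salted))    # 0
```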

Ani Chaudhuri, CEO of Dasera, had this comment:

The recent data breach at Zacks Investment Research is profoundly concerning and highlights data security’s complex and ever-evolving nature. The breach, impacting 8.8 million customers, is a stark reminder that no organization is immune to cyber threats. The details of the Zacks breach have not been disclosed. Determining the specific cause of a breach often requires a thorough investigation by cybersecurity experts and forensic analysis of the affected systems. 

It is essential for organizations to continually assess and enhance their security measures to mitigate the risk of such incidents because defending against attacks and data breaches is a formidable challenge for companies today. The ever-evolving threat landscape and the sophisticated tactics employed by malicious actors make it challenging to anticipate and mitigate every potential vulnerability. Companies must cover the full scope of their attack surface, which includes safeguarding networks, applications, endpoints, and data, while also considering the diverse range of bad actors, including hackers, insider threats, and nation-state actors. Protecting against these threats requires a multi-layered approach, combining robust security measures, continuous monitoring, threat intelligence, employee awareness and training, and proactive incident response strategies.

While Zacks previously disclosed a breach between November 2021 and August 2022, the recently discovered breach dates back to May 10th, 2020. The leaked database contains sensitive customer information, including email addresses, usernames, passwords, addresses, phone numbers, and more.

The implications of this breach are significant, as threat actors may exploit the leaked data for malicious purposes such as phishing or credential-stuffing attacks. All Zacks users must immediately change their passwords to unique ones. Furthermore, if you use the same password at other sites, it is essential to update those passwords to ensure your accounts remain secure.

This incident underscores the need for a collaborative approach to data security. Organizations, industry leaders, and individuals must work together to strengthen security measures, implement robust safeguards, and stay vigilant against evolving threats. Protecting sensitive data requires continuous efforts and a shared commitment to safeguarding customer trust.

Let us use this unfortunate event as a reminder of the importance of prioritizing data security, fostering a culture of cybersecurity awareness, and implementing comprehensive measures to protect sensitive information. Together, we can mitigate risks, address vulnerabilities, and build a more resilient digital landscape.

Hopefully anyone who is affected by this is able to protect themselves as best they can once they are notified by Zacks, or, more likely, once they find out that they have been affected via HaveIBeenPwned. But to be frank, they wouldn't have to worry if Zacks had done a better job of securing their data.
