Zacks Data Breach Exposes Millions

Summary

A hacker leaked data of 12 million Zacks Investment Research users. The data includes names, usernames, email addresses, physical addresses, phone numbers, and passwords. This marks another significant security incident for Zacks, following previous breaches in recent years.


Main Story

Okay, so, have you heard about the absolute mess over at Zacks Investment Research? Seriously, it’s a textbook example of why cybersecurity has to be everyone’s priority, not just the IT department’s.

Basically, they had a massive data breach, and we’re talking about potentially 12 million users’ personal information being compromised. A hacker, going by “Jurak,” bragged about it on BreachForums, claiming to have been poking around in Zacks’ systems since June of last year; the post reportedly went up at the end of January.

The type of data exposed? Well, names, usernames, email addresses (of course), physical addresses, phone numbers… the whole nine yards. Oh, and passwords, too. Though, here’s the kicker: the passwords were ‘protected’ using unsalted SHA-256 hashes, and the problem is, those are pretty darn easy to crack. So you could argue they weren’t really protected at all.
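As an added illustration (not code from this post or from Zacks), here is what the unsalted SHA-256 storage described above looks like next to a salted, slow alternative, PBKDF2-HMAC-SHA256 from Python’s standard library. The stored-string format, the 16-byte salt and the iteration count are my own assumed choices, and the three-user sample is constructed.

```python
import hashlib
import hmac
import os
from typing import Optional

def hash_unsalted_sha256(password: str) -> str:
    """The weak scheme the post describes: one fast SHA-256 over the password,
    no salt. Every user with the same password gets the same digest, so the
    digest can be looked up in a precomputed table instead of being guessed."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

# Assumed settings for the corrected scheme (not Zacks' values): a random
# 16-byte salt per user and a deliberately slow iteration count.
PBKDF2_ITERATIONS = 600_000

def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, slow hash. Returns 'pbkdf2_sha256$<iters>$<salt hex>$<digest hex>'
    so everything needed to verify later is stored alongside the digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate.hex(), digest_hex)

def distinct_digests(passwords, hasher) -> int:
    """How many different stored values a list of passwords yields under a scheme.
    Unsalted: users sharing a password collapse to one digest. Salted: never."""
    return len({hasher(p) for p in passwords})

if __name__ == "__main__":
    # Constructed sample: three users, two of them sharing a password.
    sample = ["password", "password", "correct horse battery staple"]
    print("unsalted distinct:", distinct_digests(sample, hash_unsalted_sha256))  # 2
    print("salted distinct:  ", distinct_digests(sample, hash_password))         # 3
    stored = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", stored))  # True
    print(verify_password("password", stored))                      # False
```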

The Scope of the Breach – It’s Bad.

This Jurak guy says he snagged administrator-level access. And with admin access comes the keys to pretty much everything. Apparently, that’s how he managed to steal the source code for Zacks’ main site and a bunch of other sites. Not good, right?

While Zacks hasn’t officially confirmed everything, samples of the stolen data have been floating around as proof. And to make matters worse, it’s all been added to “Have I Been Pwned”, that site where you can check if your info’s been compromised. Turns out, something like 93% of the leaked email addresses were already in that database. Which, honestly, speaks volumes about some people’s online security habits. It sounds like a lot of the affected individuals are already on the radar, so to speak.

Not Their First Rodeo

Here’s the thing that really bugs me: this isn’t even the first time Zacks has had a major security incident. Like, really guys?

Back in ’22, around 820,000 Zacks Elite customers got their info exposed. Then in ’23, another database with over 8.8 million user records surfaced online, containing usernames, passwords, and other personal details. It makes you wonder, doesn’t it? What are they doing over there? And, frankly, are they taking user security seriously?

The Nitty-Gritty – Why This Matters To You

Listen, if your personal information gets out there, especially passwords, it can be a nightmare. With these unsalted password hashes, hackers can crack them relatively easily and then use those passwords to access your other accounts. Think identity theft, phishing scams, all that nasty stuff.

Which, honestly, is why you absolutely have to change your passwords, especially if you think you might have used the same password on multiple sites.

I remember, years ago, I got hit by a phishing scam. It was convincing, and I clicked a link. Luckily, I caught it early, but the sheer panic of thinking someone could access my bank accounts? Yeah, I’ve been super vigilant ever since.

What To Do About It

So, what can you do if you’re worried about this Zacks breach? Well, here’s my quick and dirty list:

  • Change your Zacks password ASAP: Make it strong, make it unique. Seriously, don’t use the same password you use for your email or social media.
  • Check Have I Been Pwned: See if your email address is in the database.
  • Enable Two-Factor Authentication: If you can, turn on 2FA on all your important accounts. It adds an extra layer of security.
  • Keep an Eye on Your Accounts: Monitor your bank statements, credit reports, the works. Look for anything fishy.
  • Be Careful with Emails: Don’t click on links or open attachments from unknown senders. Phishing emails are getting increasingly sophisticated.

Listen, data breaches are becoming way too common. Organizations need to take security seriously. It’s not just a cost center, it’s a core part of doing business responsibly. And for us as individuals? We’ve got to be vigilant. It sucks, but that’s the world we live in. As of today, February 24th, 2025, investigations are underway, and more information is likely to surface in the coming days and weeks. Stay safe out there folks!

7 Comments

  1. Unsalted SHA-256 hashes? Seriously? I’m starting to think my grandma’s recipe book has better security. Maybe Zacks should invest in some password-protecting parchment paper.

    • Haha, the parchment paper idea is brilliant! It really highlights how outdated and insufficient unsalted SHA-256 hashes are. It’s concerning that companies still rely on such weak security measures, especially with sensitive user data at stake. Hopefully, this breach will push Zacks and others to upgrade their security practices.

      Editor: StorageTech.News

      Thank you to our Sponsor Esdebe

  2. Another breach? Is “Jurak” offering a bulk discount on compromised data now? Maybe Zacks should start investing in cybersecurity instead of… whatever it is they actually do.

    • That’s a valid question. It does make you wonder where their investment priorities lie. With breaches becoming so frequent, cybersecurity should be a core business function, not an afterthought. It’s time for companies to prioritize protecting user data.

      Editor: StorageTech.News


  3. Unsalted SHA-256 hashes? I’m impressed they even *tried* to hash them. Did they generate these passwords using a Magic 8-Ball too? Maybe “Outlook Not So Good” should’ve been their first clue to invest in, you know, actual security.

    • Haha, the Magic 8-Ball analogy is spot on! It really does feel like they were rolling the dice with our data security. This situation just underlines the importance of staying ahead of the curve and adopting modern security practices. What are some encryption methods you would suggest?

      Editor: StorageTech.News


  4. “Poking around since June of last year”? Jurak’s persistence is almost admirable. I wonder if he offers consulting services on penetration testing now. Zacks could *really* use the help.
