Data Breach: Nearly 9 Million Zacks Customer Data Exposed by Threat Actors
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
A recent data breach post published by Have I Been Pwned disclosed that nearly 9 million Zacks customers’ personal information was publicly available on the popular Exposed hacking forum.
The information, which dates back to 2020, includes names, email and physical addresses, phone numbers, usernames and unsalted SHA-256 passwords. There was no disclosure of any user-linked bank or credit card details. With this, it can be said that the hackers were unable to obtain access to any financial information.
Although Zacks has not released an official statement about the incident, when notified by Have I Been Pwned of the larger breach, the company advised that, in addition to its original report, “the unauthorized third parties also gained access to encrypted [sic] passwords of zacks.com customers, but only in the encrypted [sic] format”.
Earlier, in January 2023, Zacks had disclosed that the company had suffered a data breach in which nearly 820,000 customers’ personal information was at risk. The attack was said to have occurred between November 2021 and August 2022 and impacted customers of its Elite product. Customers who had signed up for the product between November 1999 and February 2005 were being notified about the incident.
In its notification, Zacks stated that it had already taken the necessary security measures to mitigate the threat and would not be offering any credit monitoring solution to affected customers. It went on to say that its investigation had not found that users’ data was being used inappropriately. However, it urged its customers to monitor their banking and other financial transactions to guard against phishing and credential-stuffing attacks.
Founded in 1978, Zacks Investment Research is a US-based investment research company. The company provides independent stock-related data and analysis to professional investors.
Free VPN Leaks Customer Data in Another Data Breach: 360 Million Users Affected
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
SuperVPN, a free-to-download VPN service, has once again exposed sensitive information of its unsuspecting users, reveals a new research report by vpnMentor. The massive data leak, affecting 360,308,817 users, stemmed from a non-password-protected database associated with the free VPN service provider.
The publicly available data contained email addresses, device and geolocation information, original IP addresses, users’ web activities, UUID numbers and transaction details. When accessed by a threat actor, such data exposes unsuspecting victims to major security threats, including identity theft, phishing scams, and denial of service (DoS) attacks.
The report further revealed that two apps with the name “SuperVPN” were officially listed on both the Apple App Store and the Google Play Store and had millions of downloads worldwide. The two apps, which have quite similar logos, were registered under different developers’ names, but links to China were observed. In addition to notes in Mandarin, the database was seen to have references to the companies Changsha Leyou Baichuan Network Technology Co., and Qingdao Leyou Hudong Network Technology Co.
Neither company responded to queries regarding ownership or location, which further raised questions about security and transparency, issues generally associated with free VPNs.
This is not the first time that SuperVPN has been associated with a customer data leak. Since 2020, the company has been on the radar of cybersecurity researchers and journalists regarding security vulnerabilities in its apps.
Despite these concerns, a rise in free VPN usage has been noticed due to increasing online privacy and security concerns. Thus, before choosing a free VPN, it is important that users thoroughly investigate and research the VPN that best fulfills their requirements while keeping them safe online.