Summary: A threat actor has claimed to have breached Investing.com, extracting approximately 6.5 million user records by exploiting an Insecure Direct Object Reference (IDOR) vulnerability. The individual provided a sample of the data and claimed the breach remained active until extensive requests prompted a security patch. Investing.com has not yet issued a formal response regarding this incident.
Affected: Investing.com
Keypoints :
- Threat actor extracted around 6.5 million user records before a security patch was implemented.
- The compromised data allegedly includes user IDs, email addresses, and registration details, with some records dating back to 2014.
- The incident highlights ongoing vulnerabilities in prominent platforms, necessitating vigilance against similar claims on dark web forums.