In a post allegedly published on a dark web forum, a threat actor has claimed responsibility for a significant data breach targeting Investing.com, one of the world’s leading financial markets platforms. According to the post, approximately 6.5 million user records were extracted after exploiting what the threat actor described as an IDOR (Insecure Direct Object Reference) vulnerability.
The forum post allegedly states that the vulnerability was discovered around a week ago and remained active until approximately 50 million requests were made, prompting a patch by the website. However, the individual behind the post claims to have already collected 6,486,700 user records before the issue was addressed.
The allegedly compromised data reportedly includes user IDs, registration timestamps, platforms used for registration, email addresses, and registration sources. The threat actor even provided an example record, purportedly belonging to a user associated with a major financial institution.
To support their claims, the forum post includes download links for a 500-line sample of the dataset and a reference to the exclusive sale of the full database on BreachForums. The individual behind the post emphasized being the sole source of the data, allegedly ensuring its authenticity.
The threat actor insists that the dataset contains user information dating back to 2014, with the majority of accounts reportedly registered between 2024 and 2025. At the time of writing, there has been no official statement from Investing.com regarding the alleged breach.
Various threat actors published similar breaches time to time on different dark web forums. It is always important to approach such claims with caution.
