Hackers hit the NASDAQ community forum, email addresses and passwords compromised

There is bad news if you are in the habit of discussing stocks on the NASDAQ community forum, because hackers have managed to break into the site, and could have compromised usernames, email addresses and passwords.

The only silver lining on the cloud is that trading and commerce platforms were not impacted by the hack.

Users of NASDAQ’s community messageboards should have received an email from the site, warning users about the security breach and advising members to change their passwords on *other* websites if the same password was being used.


My guess is that the servers running the NASDAQ community messageboard software had not been properly configured or not kept updated against vulnerabilities, and this allowed hackers an open window to access sensitive information.

Of course, it’s never a good idea to use the same password in multiple places. If you are reckless and use the same password on multiple websites then if *one* site suffers a serious security breach and hackers manage to get hold of passwords, then your accounts on *other* sites could be at risk too.

Worryingly, there is no mention of passwords being securely encrypted, suggesting that the site could have been storing users’ passwords in an insecure fashion up until now.

What also irks me is how NASDAQ is describing the issue on the (currently shut-down) community forum itself:


We are currently upgrading the NASDAQ.COM Community site.

We apologize for the inconvenience.

Any member of the online NASDAQ community who has missed the email advisory won’t be any the wiser from that message that the site has been hacked, and that their usernames, email addresses and passwords have been compromised.

Shouldn’t the site be more upfront about the security breach, and offer – for instance – advice that if members were using the same passwords elsewhere on the net, that they should be changed as a matter of priority?

Wouldn’t it be helpful to warn about the threat of phishing emails?

The simple “we’re upgrading the site” message feels to me a little like an attempt to brush the issue under the carpet, in the hope that the very people who need to be warned there is an issue – the community’s members – don’t notice.

Although I’m obviously pleased that an email was sent out (hey! let’s hope none of them were to an expired Yahoo address, eh?)

Consider me unimpressed by NASDAQ’s handling of this.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy.

2 comments on “Hackers hit the NASDAQ community forum, email addresses and passwords compromised”

  1. cypherpunk

    Did they leak the hacked content on Pastebin or somewhere else?

    1. Graham Cluley · in reply to cypherpunk

      I haven't seen any evidence of that.
