Zacks Data Breach Puts Millions at Risk

Zacks Investment Research, a well-known financial research company, has reportedly suffered another massive data breach. A hacker has claimed responsibility for stealing sensitive user information in June 2024. A hacker has leaked the stolen data of around 12 million customers on a forum and is selling it for a small cryptocurrency payment.

According to reports, the stolen data contains highly sensitive information, including full names, usernames, email addresses, physical addresses, and phone numbers. In addition to customer data, the hacker also claims to have gained deep access to Zacks’ internal systems. They allegedly obtained the source code for the company’s main website, Zacks.com, along with 16 other related internal and external websites.

Cybersecurity experts have analyzed the leaked data and confirmed its authenticity. The database contains unique email addresses and passwords stored in an unsalted SHA-256 format, making them vulnerable to hacking attempts. The exposure of such sensitive information raises concerns about identity theft, phishing attacks, and other cybercrimes that could target affected users.

The incident has once again highlighted the growing risks associated with cybersecurity breaches. Companies that store large amounts of user data must implement stronger security measures to prevent such incidents. However, this breach is particularly concerning because it is not the first time Zacks has been targeted by hackers.

A History of Data Breaches in Zacks

This is not the first time that Zacks has experienced a data breach. The company has faced multiple security incidents in the past, making this latest leak even more alarming.

In January 2023, Zacks confirmed that hackers had breached its network between November 2021 and August 2022. During this period, cybercriminals gained access to personal information belonging to 820,000 customers. The stolen data included email addresses, usernames, and other sensitive details.

A few months later, in June 2023, cybersecurity experts discovered and verified another database linked to Zacks. This database contained information from 8.8 million users, including full names, email addresses, usernames, phone numbers, and passwords stored as unsalted SHA-256 hashes. The evidence suggests that hackers stole the data in May 2020, indicating that an older breach had gone unnoticed for some time.

Despite these previous breaches, the latest leak appears to be the largest in terms of the number of affected accounts. Cybersecurity researchers have warned that repeated breaches greatly increase users’ risk, as hackers can use stolen data for various malicious activities. Criminals often gather information from multiple leaks to create detailed profiles of victims, enabling identity theft, fraud, or targeted phishing attacks.

Past breaches may cause affected users to see their information resurface in new leaks, increasing their vulnerability to cyber threats. Given that Zacks has experienced multiple security incidents in recent years, it raises concerns about the effectiveness of its cybersecurity measures.

Data Added to Cybersecurity Watchlist

Have I Been Pwned (HIBP), a widely used cybersecurity tool, has added the leaked Zacks database to help individuals check if previous breaches have exposed their personal data. The service confirmed that the leaked file contains 12 million unique email addresses, along with other personal details.

One of the most concerning aspects of this breach is that roughly 93% of the email addresses found in the leaked database were already present in previous breaches. This means that much of the exposed information has likely been circulating among cybercriminals for a long time. When multiple breaches repeatedly expose data, hackers can more easily piece together complete profiles of individuals, making them more vulnerable to identity fraud and other cybercrimes.

While Zacks has not officially confirmed the latest breach, cybersecurity experts have a high degree of confidence that this is a new incident. Have I Been Pwned verified the data by analyzing it to ensure that it was not simply a collection of old leaks. If validated, this would be the third major data breach affecting the company in just four years.

The repeated breaches of Zacks’ systems highlight the growing importance of robust cybersecurity measures. Cybersecurity experts advise platform users to take immediate precautions, such as updating their passwords and staying extra cautious of suspicious emails or phone calls that could be phishing attempts.