Data Breach: Nearly 9 Million Zacks Customer Data Exposed by Threat Actors

A recent data breach post published by Have I Been Pwned, disclosed that nearly 9 Million Zacks customers’ personal information was publicly available on the popular Exposed hacking forum.

The information, which dates back to 2020, includes names, email and physical addresses, phone numbers, usernames and unsalted SHA-256 passwords. There was no disclosure of any user-linked bank or credit card details. With this, it can be said that the hackers were unable to obtain access to any financial information.

Although Zacks has not released an official statement about the incident, when notified by Have I Been Pwned, the company stated that ‘’on disclosure of the larger breach, Zacks advised that in addition to their original report “the unauthorized third parties also gained access to encrypted [sic] passwords of zacks.com customers, but only in the encrypted [sic] format”.

Earlier, in January 2023, Zacks had disclosed that the company had suffered a data breach attack in which nearly 820,000 customers personal information was at risk. The attack was said to occur between November 2021 and August 2022 and impacted customers of its Elite product. The customers who had signed up for the product between November 1999 to February 2005 were being notified about the incident.

In its notification, Zacks stated that it had already taken the necessary security measures to mitigate the threat and would not be offering any credit monitoring solution to affected customers. It went on to say that in their investigation they had not found that their users’ data was not being used inappropriately. However, it urged its customers to monitor their banking and other financial transactions to avoid any phishing and credential-stuffing attacks.

Founded in 1978, Zacks Investment Research is a US-based investment research company. The company provides independent stock-related data and analysis to professional investors.