Zacks Investment Research Faces Larger Data Breach Affecting 8.8 Million Users

By   Olivia William
Writer , Information Security Buzz | Jun 13, 2023 03:07 am PST

A hacking forum has exposed a database containing the personal data of over 8.8 million users of Zacks Investment Research, surpassing the company’s initial data breach reported in January 2023. The database, as confirmed by data breach notification service Have I Been Pwned, includes names, addresses, phone numbers, email addresses, usernames, and unsalted SHA-256 hash passwords.

Troy Hunt, maintainer of Have I Been Pwned, contacted Zacks regarding the larger breach, to which the company claimed the attackers only accessed encrypted passwords. The database appeared on the hacking forum on June 10, 2023, revealing records dating back to May 2020. This suggests that Zacks may not have been aware of the extent of the breach during its initial disclosure in January 2023, which affected around 820,000 users.

Zacks claimed that customer credit card details and other financial data were not compromised in the previously reported incident, and that it had reset the affected account passwords. However, users whose information appeared in the newly discovered database might now be at risk of phishing and other types of attacks.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x