Zacks Investment hit in data breach - 12 million users potentially at risk

News
By
published

Investment research firm allegedly suffers new cyberattack

A computer being guarded by cybersecurity.
(Image credit: iStock)
  • A hacker posted a new thread on an underground forum
  • They claim to have stolen data on 12 million people from Zacks Investment Research
  • Zacks hasn't responded to media inquiries yet

Zacks Investment Research, a financial data, stock research, and analysis company based in Chicago, apparently suffered a cyberattack in which it lost sensitive data on millions of people.

A report by BleepingComputer cites a thread posted on an underground hacking forum claiming to have breached Zacks in June 2024, gaining sensitive information on 12 million people, including names, usernames, email addresses, postal addresses, and phone numbers.

The forum thread contained a small sample, and an offer for the entire batch in exchange for a “small cryptocurrency amount”.

Exposing the emails

Speaking to the attacker, the publication found that the attacker gained access to Zacks’ active directory as a domain admin, after which they stole the source code for the main site and 16 other assets. Zacks hasn’t responded to media inquiries yet.

At the same time, Have I Been Pwned?, a website aggregating email addresses exposed in data breaches, added the new batch, but said almost all (93%) were exposed in previous attacks.

Zacks is yet to comment on the claims of a data breach. However, it is no stranger to cyber-incidents. In December 2022, the company identified unauthorized access to certain customer records. The breach affected approximately 820,000 customers who had signed up for the Zacks Elite product between November 1999 and February 2005. Exposed information included names, addresses, phone numbers, email addresses, and passwords from an older database.

In June 2023, a database containing personal information of over 8.8 million Zacks users emerged on a hacking forum. The data, dated up to May 2020, included names, addresses, phone numbers, email addresses, usernames, and passwords stored as unsalted SHA-256 hashes.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

More about security
AI business data center

"It is literally driving our product development direction" - how Cisco is redefining networking security to better protect against cyberattacks and human error
Code Skull

Top component maker Unimicron hit by massive ransomware attack
A screenshot from Tomb Raider 4-6 Remastered showing Lara Croft in mid-air kicking action

I've played through all three campaigns in Tomb Raider IV-VI Remastered and found them to be full of welcome improvements, and graphical overhauls - but some issues remain
See more latest