A Rather Unfortunate Affair at Zacks Investment Research
A New Breach Unfolds
Last year, Zacks Investment Research suffered yet another data breach, affecting the sensitive information of about 12 million accounts. The American investment research company, known for its proprietary stock performance tool—the ‘Zacks Rank’—enables clients to make informed financial decisions. However, with this breach, security seems to have taken a bit of a wobble.
In late January, a rather audacious threat actor made the breach public by sharing data samples on a notorious hacker forum. They claimed it occurred in June 2024 and affected millions of Zacks’ valued clientele. Alarmingly, the pilfered data encompasses full names, usernames, emails, physical addresses, and phone numbers.
The Threat Actor’s Bold Claims
BleepingComputer's attempts to confirm the breach with Zacks went unanswered. The threat actor, by contrast, granted interviews, boasting about their access to Zacks' Active Directory as a domain admin. They even provided samples of source code they lifted from Zacks.com and an additional 16 sites to prove the breach.
Notable Discoveries by "Have I Been Pwned"
Do check with Have I Been Pwned, a website that helps users ascertain whether their data has been compromised. The service has confirmed the breach covers 12 million unique email addresses. The stolen information includes IP addresses, names, passwords stored as unsalted SHA-256 hashes, phone numbers, and usernames.
Interestingly enough, the service notes that about 93% of the leaked email addresses were already documented from previous breaches.
A History of Notable Data Breaches
This purported incident could potentially be the third substantial breach Zacks has encountered over four years. In January 2023, Zacks disclosed a breach in which hackers accessed its networks between November 2021 and August 2022. They accessed sensitive data belonging to 820,000 customers.
Moreover, HIBP confirmed another breach at the company in June 2023. The database contained data of 8.8 million individuals and appeared to date back to May 2020.
Although Zacks has not officially confirmed the current alleged breach, HIBP’s validation adds some credibility to this unpleasant affair.
The Need for Vigilance
While the latest breach has not been officially confirmed, the confidence in the data is high and signals a possible new incident. It is also possible that threat actors compiled the data from sources other than Zacks. Hence, one should remain vigilant and perhaps consider heightened security measures wherever possible.
Truly, in a world fraught with ever-evolving digital challenges, it is paramount to exercise caution and protect personal data zealously. Stay informed and ensure your cyber defences remain robust.
Data Breaches at Zacks: A Summary
Year | Breach Details | Affected Individuals |
---|---|---|
2020 (May) | Data leak verified by HIBP | 8.8 million |
2021-2022 | Network breach announced by Zacks | 820,000 |
2023 (Jan) | Potential new data breach | 12 million |
Note: The previous breaches varied in scale, emphasising the need for improved data handling standards.