Connect with us

Hi, what are you looking for?


Data Breaches

Data of 8.8 Million Zacks Users Emerges Online

A database containing the personal information of roughly 9 million Zacks users has emerged online.

A database containing the personal information of more than 8.8 million Zacks Investment Research users has emerged on a hacking forum.

According to data breach notification service Have I Been Pwned, the database contains names, addresses, phone numbers, email addresses, usernames, and passwords stored as unsalted SHA-256 hashes.

Have I Been Pwned’s maintainer, Troy Hunt, says he contacted Zacks to disclose the larger breach and the company told him that the attackers only gained access to encrypted passwords.

According to Hunt, the new database emerged on June 10, 2023, and soon after it was “broadly circulated on a popular hacking forum”.

The most recent entry in the newly discovered database is dated May 2020, which suggests that Zacks might have not been aware of the leak when disclosing a data breach in January 2023.

At the time, Zacks said the data breach occurred sometime between November 2021 and August 2022 and that it impacted the personal information of roughly 820,000 individuals who signed up for one of its products between November 1999 and February 2005.

The company also said that customer credit card details and other financial and personal information was not compromised in the incident. Zacks said at the time that it reset the passwords for the impacted accounts.

Advertisement. Scroll to continue reading.

With the database shared on a hacking forum, the affected individuals might fall victim to phishing and other types of attacks, especially if they are not aware of their personal information being exposed.

Zacks provides stock research, analysis, and recommendations for firms in the US.

Responding to a SecurityWeek inquiry, Zacks has provided the following statement:

We have confirmed that in association with the prior data breach disclosed by Zacks, which relates to a smaller subset of customers whose unencrypted passwords were compromised, the unauthorized third parties also gained access to encrypted passwords of customers. We have no reason to believe any customer credit card information or any other customer financial information was accessed for any Zacks customer at any time. We have recommended that customers change their passwords, as well as the password for all other online accounts for which they use the same e-mail address and password, and monitor financial accounts and consumer credit reports, although again, no financial information has been compromised. Zacks is also taking steps now to further enhance password security. We regret any inconvenience to our customers and we remain vigilant in protecting their personal information.

*updated with statement from Zacks

Related: Intellihartx Informs 490k Patients of GoAnywhere-Related Data Breach

Related: Apria Healthcare Notifying 2 Million People of Years-Old Data Breaches

Related: Brightly Software Notifying 3 Million SchoolDude Users of Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users.