Zacks Investment Research, a prominent stock research and analysis firm, recently revealed a long-standing data breach that has impacted a significant number of its customers. According to SC Magazine, the breach, which dates back to 2020, was discovered by security researchers who found that nearly nine million Zacks.com customers’ data is being widely circulated on a popular hacking forum. The unauthorized access resulted in the compromise of various sensitive information, including names, usernames, email and physical addresses, phone numbers, and passwords stored as unsalted SHA-256 hashes.
Zacks Investment Research confirmed that the breach is linked to a prior data breach disclosed in December 2022, as reported by SC Magazine. During the previous breach, an unknown third party gained unauthorized access to certain customer records. While the specific number of affected customers remains undisclosed, Zacks clarified that the breach impacted a smaller subset of customers with compromised passwords.
The compromised passwords, which were stored as unsalted SHA-256 hashes, are standard practices for protecting sensitive data. However, SC Magazine reports that this technique is not impervious to bypassing attempts. Security experts warn that the publication of this breached data could lead to follow-on phishing attacks and other malicious activities targeting Zacks’ customers.
Zacks Investment Research reassured its customers that no credit card information or other financial data had been accessed during any breaches. The company stated that it had implemented additional security measures and continues to enhance password security to prevent similar incidents in the future. Zacks acknowledges the inconvenience caused to its customers and expresses its commitment to protecting their personal information.
As reported by Info Security Magazine, customers of Zacks Investment Research may have further concerns due to the magnitude of the newly disclosed breach and the fact that it went undetected for an extended period of time. Previously, in January, the company reported a breach affecting approximately 820,000 customers who had signed up for the Zacks Elite product between November 1999 and February 2005. However, the recently revealed breach involves a more substantial number of customers and a wider range of personal data.
As the aftermath of this breach unfolds, customers of Zacks Investment Research are advised to remain vigilant against potential phishing attempts and other cyber threats.