Zacks — 8.9M accounts
Severity: Medium · Kind: Data breach
We've ingested this item but haven't summarised it yet. Read the upstream advisory using the link below in the meantime — the AI summary will appear here once the next run completes.
From the source
In December 2022, the investment research company Zacks announced a data breach . The following month, reports emerged of the incident impacting 820k customers . However, in June 2023, a corpus of data with almost 9M Zacks customers appeared before being broadly circulated on a popular hacking forum. The most recent data was dated May 2020 and included names, usernames, email and physical addresses, phone numbers and passwords stored as unsalted SHA-256 hashes. On disclosure of the larger breach, Zacks advised that in addition to their original report "the unauthorised third parties also gained access to encrypted [sic] passwords of zacks.com customers, but only in the encrypted [sic] format".
Breach facts
- Accounts affected
- 8,929,503
- Verified
- Yes
- Sensitive
- No
- Domain
- zacks.com
- Data exposed
- Email addressesNamesPasswordsPhone numbersPhysical addressesUsernames
Was this useful?
Plain-English summaries are AI-generated and reviewed for tone, not technical accuracy. For incident response, always rely on the original source linked above.