Zacks Data Breach
What Happened
In December 2022, the investment research company Zacks announced a data breach. The following month, reports emerged of the incident impacting 820k customers. However, in June 2023, a corpus of data with almost 9M Zacks customers appeared before being broadly circulated on a popular hacking forum. The most recent data was dated May 2020 and included names, usernames, email and physical addresses, phone numbers and passwords stored as unsalted SHA-256 hashes. On disclosure of the larger breach, Zacks advised that in addition to their original report "the unauthorised third parties also gained access to encrypted [sic] passwords of zacks.com customers, but only in the encrypted [sic] format".
Compromised Data
Recommended Actions
Change Your Password
If you haven’t already changed the password affected by this breach, do so immediately on every account where it was used.
Enable Two-Factor Authentication
Wherever 2FA is supported, add an extra layer of security to your account.
Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.
Try 1PasswordBreach Overview
-
Affected Accounts:
8.9 million
-
Breach Occurred:
May 2020
-
Added to HIBP:
10 Jun 2023
Recommended Actions
Change Your Password
If you haven’t already changed the password affected by this breach, do so immediately on every account where it was used.
Enable Two-Factor Authentication
Wherever 2FA is supported, add an extra layer of security to your account.
Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.
Try 1Password