Zacks Data Breach
Zacks Investment Research Breach (2024): 12 Million Customer Records Including Passwords, Phone & Address Exposed :: Second Confirmed Breach
Financial research and data firm.
Risk Interpretation
High risk of spearphishing, investment fraud, and advisory impersonation. Subscription and research-interest data can reveal investor intent and increase scam credibility.
Impact & Downstream Threats
In June 2024 a threat actor published to a hacking forum a dataset described as a superset of the prior Zacks breach material, adding approximately 12 million further records and representing cumulative exposure of personal and account data from the company's customer base across multiple incidents. Zacks acknowledged the prior 2023 breach but has not made detailed public statements confirming the 2024 publication as a distinct incident. The pattern of successive, escalating exposures from the s
- Credential stuffing against reused passwords across other platforms
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
Zacks Investment Research, a Chicago-based financial data and analysis firm, suffered a data breach in 2024 when a threat actor published a dataset on a prominent hacking forum containing records from approximately 12 million customers. The exposure followed a separate breach Zacks confirmed in 2023. The 2024 dataset appears to be a superset of the earlier incident, expanding the cumulative scale of exposed customer data. The attack vector remains unknown, and Zacks did not respond to multiple attempts to contact them about the 2024 publication. The exposed data includes email addresses, names, usernames, passwords, phone numbers, physical addresses, and IP addresses. The passwords were stored as unsalted SHA-256 hashes, a weak protection method that makes them significantly easier to crack than properly secured alternatives. Affected individuals face elevated risk of account takeover, identity theft, and targeted financial fraud. Because Zacks serves retail and institutional investors, their association with the platform can make them more convincing targets for investment scams and impersonation schemes. Zacks publicly acknowledged the 2023 breach but has not issued detailed statements confirming the 2024 forum publication as a distinct incident. No regulatory action or litigation has been publicly confirmed in connection with the 2024 exposure. People whose data was included should treat their Zacks credentials as compromised, change any reused passwords across other accounts, and remain alert to phishing attempts that may reference their investment activity or financial interests.
About Zacks
Zacks Investment Research is a Chicago-based financial research and data firm providing investment analysis, stock screening tools, earnings estimate data, and advisory services to retail and institutional investors. The company is private and has operated since 1978 as a provider of proprietary earnings data, analyst ratings, and market intelligence.
Why They Hold Your Data
Investment research and advisory firms collect subscriber identity, contact details, billing records, newsletter subscriptions, and research-consumption behavior tied to financial analysis services.
Recent Developments
Zacks has continued to operate as a financial research platform through a period in which it experienced multiple distinct data security incidents across 2020, 2023, and 2024. The pattern of repeated breaches drew attention from security researchers and media. No major organizational changes beyond the breach response context have been prominently reported.
Data Points Exposed
Exposure Categories
Canonical Fields
email_address, full_name, ip_address, password, phone_number, physical_address, username
Dark Web Verification
- Dataset containing ~12.0M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: Zacks (2024) Data Breach
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Zacks
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam