ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Zacks (2024) Data Breach

zacks.com
Major exposure
Verified breach Passwords exposed
Accounts exposed 11,994,223
Breach date 22 Jun 2024
Added to tracker 12 Feb 2025
Data classes 7

What happened

In June 2024, the investment research company Zacks was allegedly breached, and data was later published to a popular hacking forum. This comes after a separate Zacks data breach confirmed by the organisation in 2023 with the subsequent breach disclosing millions of additional records representing a superset of data from the first incident. The 2024 breach included 12M unique email addresses along with IP and physical addresses, names, usernames, phone numbers and unsalted SHA-256 password hashes. Zacks did not respond to multiple attempts to contact them about the incident.

Exposed data

Email addresses IP addresses Names Passwords Phone numbers Physical addresses Usernames

Recommended actions

  • Change your Zacks (2024) password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Zacks (2024) โ€” attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP