What Happened
In June 2024, Zacks Investment Research, an American investment research firm known for its Zacks Rank stock assessment tool, suffered a data breach when a hacker using the alias “Jurak” gained domain administrator access to its Active Directory, stealing source code from zacks.com and 16 other sites, plus a database containing sensitive information on approximately 12 million accounts. The breach was publicly revealed in late January 2025 on BreachForums, where the hacker offered data samples (including full names, usernames, email addresses, physical addresses, phone numbers, IP addresses, and unsalted SHA-256 hashed passwords) for cryptocurrency, with Have I Been Pwned verifying and adding the 11,994,223 unique email addresses to its database on February 12, 2025. Notably, 93% of these emails had appeared in prior Zacks breaches (e.g., 2022-2023 incidents affecting millions), heightening risks of phishing, identity theft, and credential stuffing, though Zacks issued no official statement despite outreach efforts.
