If you’re a customer of Zacks Investment Research, the financial data, stock research and analysis company, you should probably start investing in the best identity theft protection software while making sure you’re keeping a close eye on your credit reports.
As reported by Bleeping Computer, an underground hacking forum thread from January has been discovered which claims that Zacks has fallen victim to yet another data breach.
This latest breach, the third since 2022, is said to be the largest yet – with the personal information of 12 million people being leaked online.
Names, usernames, email addresses, postal addresses, IP addresses and phone numbers are said to have been stolen in a cyber attack and are now up for sale as a full set for “a small cryptocurrency amount.” However, Have I Been Pwned? points out that 93% of those email addresses had been exposed in previous attacks.
The December 2022 breach similarly exposed names, addresses, phone numbers, email addresses and passwords from 820,000 customers off an older database. Those customers had signed up for a Zacks Elite product between November 1999 and February 2005.
In June 2023 though, there was a second breach where a database of over 8.8 million users showed up on a hacking forum; this breach leaked names, addresses, phone numbers, email addresses, usernames, and passwords up to May 2020.
This latest breach occurred when an attacker gained access by acting as a domain admin, then they stole source code for the main site and 16 additional assets, which included internal websites.
How to stay safe after a data breach
Since data breaches have now become an everyday occurrence, it’s up to you to keep yourself – and your devices – safe.
Start by making sure you’ve got one of the best antivirus software programs running on your PC or one the best Mac antivirus software on your Apple computer. You also want to regularly check that your antivirus is up to date and install new updates as soon as they become available.
While both Windows and Mac come with their own built-in protection, one reason you might want to upgrade to a paid antivirus is that many of them include useful extras like a password manager or VPN for additional protection.
In this case, you're going to want to be on the lookout for suspicious emails and messages. Since all of that personal data from Zacks is available for purchase on the dark web, hackers can use it to create messages tailored specifically to you in targeted phishing attacks. Don't respond, click on any links or download any attachments when you do get one of these messages as that's exactly what the hackers behind them want you to do.
If you’re also concerned about where your personal information has ended up online, consider using a data removal service like Incogni to help scrub your personal details from the web. This will ensure that less info about you is available online overall while an identity theft protection service can keep you safe if someone does track down enough data on you to steal your identity.
While Zacks hasn't officially confirmed this data breach, it's still cause for concern regardless. I wouldn't cancel your account just yet but it might be time to start shopping around for alternatives.
More from Tom's Guide
