- Researchers at cybersecurity firm Cyble found upwards of 500,000 Zoom accounts up for grabs on hacker forums and the dark web, Bleeping Computer reports.
- Cyble was able to purchase 530,000 accounts for $0.0020 each, and some were being given away for free to enable “Zoombombing” attacks.
- This doesn’t mean Zoom got hacked – the accounts were obtained using “credential stuffing”, where hackers use passwords and emails leaked in previous data breaches.
- If you use the same email and password across lots of different accounts, including your Zoom account, you should try and change to a unique password.
- Visit Business Insider’s homepage for more stories.
Cybersecurity researchers found the credentials for more than 500,000 Zoom accounts either for sale or even being given away for free on the dark web, as reported by Bleeping Computer.
Cybersecurity firm Cyble discovered the accounts, many of which were being sold for less than a penny per account. Some were being given away in bulk for free on hacker forums so that people could use them for “Zoombombing” – a form of trolling where malicious actors drop into Zoom calls and post graphic or offensive content.
Recent reports of Zoombombing have included trolls targeting anti-Semitic abuse at a virtual synagogue, screaming racist slurs in a meeting for women of color, and trolls dropping into virtual Alcoholics Anonymous meetings to taunt their members.
Cyble was able to purchase roughly 530,000 accounts for $0.0020 each, thereby obtaining their email address, password, personal meeting URL, and host key (the 6-digit pin number Zoom meeting hosts can use). Many of the accounts for sale belonged to companies or institutions including Chase, Citibank, and numerous universities. The firm told Bleeping Computer that it had started to see accounts pop up for sale since April 1, with the posters seeking to boost their reputation among hacker communities.
This doesn't mean Zoom got hacked. Although the videocall service has been beset with privacy issues since the onset of the coronavirus drove millions more people to its service, the accounts for sale on the dark web were obtained using "credential stuffing" attacks. This means hackers used password-email combinations obtained through previous hacks and tried their luck on people's Zoom accounts, meaning people who re-use previously-hacked passwords would be vulnerable.
Effective ways to negate credential stuffing include using unique passwords for every site you visit online, and checking whether your email address has been leaked in previous data breaches using Have I Been Pwned.