Hacked Zoom Accounts Being Sold on Dark Web: Report
Post the lockdown which ensued after the coronavirus pandemic, Zoom app an American video telephony, online chat service was used extensively by business and people across the world to communicate and conduct business. This sudden increase in use of this video conference system has led to several concerns surrounding Zoom about privacy and security. A report claims that over 500,000 Zoom accounts were hacked and sold on the dark web.
According to information reported in Bleeping Computer states that hackers are selling these Zoom accounts for less than a penny each and in some cases, they are being given away for free. The report adds that Cybersecurity intelligence firm Cyble around April 1 first pointed out this information about free Zoom accounts being posted on hacker forums. The firm then reached out to the sellers of these accounts and bought 530,000 Zoom credentials at $0.0020 (roughly Rs. 0.15) per account, in an attempt to warn their customers of the breach.
The report also adds that these accounts were hacked through credential stuffing attacks that use previously leaked accounts to login to Zoom. The credentials that are successfully logged in are then compiled and sold to other hackers. These types of attacks are not unique to Zoom, the report states.
Around 290 accounts were related to prominent universities in the United States, well -known banks and others. Both Bleeping Computer and Cyble claim they have verified some of these accounts and that the credentials used were valid.
Zoom has faced several allegations for its security and privacy flaws which was also acknowledge by its CEO Eric Yuan. He stated that the company is working on fixing them.
How to protect your Zoom account credentials
- Zoom account credentials include email address, passwords, personal meeting URLs, and HostKeys, according to the report
- Users should change their Zoom passwords, especially if the same password is used elsewhere.
- They should try to use unique passwords for each site.
- Users can also check if their email address has been leaked by going to Cyble's AmIBreached service or Have I Been Pwned service. (Source:Bleeping Computer,Cybersecurity intelligence firm Cyble)
Also Read: Lockdown Could Lead To Job Cuts In IT Sector, But Boost Work-From-Home Culture In The Long Run