Cybersecurity researchers found the credentials for more than 500,000 Zoom accounts either for sale or even being given away for free on the dark web.
BleepingComputer is reporting that cybersecurity intelligence firm Cyble has discovered that Zoom accounts, including logins and passwords, are being posted on hacker forums. Some are being posted for free, some are being sold for fractions of a penny. To date, Cyble has tabulated there are over 500,000 available.
Cyble was able to purchase roughly 530,000 accounts for $0.0020 USD each, thereby obtaining their email address, password, personal meeting URL, and host key (the 6-digit pin number Zoom meeting hosts can use). Many of the accounts for sale belonged to companies or institutions including Chase, Citibank, and numerous universities. The firm told Bleeping Computer that it had started to see accounts pop up for sale since April 1, with the posters seeking to boost their reputation among hacker communities.
Bleeping Computer also got in touch with some of the compromised account owners and were told that the passwords were correct. In at least one case, however, the password listed was one that the user had long since changed.
This doesn’t mean Zoom got hacked. Although the video call service has been beset with privacy issues since the onset of the coronavirus drove millions more people to its service, the accounts for sale on the dark web were obtained using “credential stuffing” attacks. This means hackers used password-email combinations obtained through previous hacks and tried their luck on people’s Zoom accounts, meaning people who re-use previously-hacked passwords would be vulnerable.
If you or your organization has been using Zoom then it might be time to switch to another service like Microsoft Teams or Skype. Moreover, you should definitely check out Have I Been Pwned and Cyble’s AmIBreached services to ensure your data has not been leaked online. Even if those services don’t return a positive result, it might be a good idea to change your Zoom password and not use that password anywhere else.