For the last few weeks, Zoom has been the epicenter of security issues, with experts revealing faults in the app every other day.
Just when we thought the storm had passed for Zoom, the latest cyberattack suggests otherwise. Close to 500,000 Zoom accounts are being sold on the dark web and other hacker forums, reports Bleeping Computer.
The accounts are being sold for less than a penny each, and in some cases are given away for free. The credentials include the victim’s email address, password, meeting URL, and host key. A hacker can use this information for Zoom bombing and other malicious activities.
According to the report, the credentials for these accounts were gathered through credential stuffing attacks.
In this type of attack, hackers take usernames and passwords exposed in previous breaches and try them against another service’s login, which succeeds wherever a user has reused the same username and password. The accounts that are accessed this way are usually sold later on hacker forums.
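From the service's side, the attack described above has a recognizable shape in login logs: one source tries many different accounts, about one password each, and only a few logins succeed. The following detection sketch is an added example, not code from Zoom, Cyble or the report; the event format, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, login_succeeded).
# IPs are from documentation ranges; none of this data comes from the article.
SAMPLE_EVENTS = (
    # One source walking a leaked list: many accounts, one try each, rare hits.
    [("203.0.113.7", f"user{i}@example.com", i == 3) for i in range(8)]
    # Office NAT: many accounts behind one IP, but everyone logs in fine.
    + [("198.51.100.20", f"staff{i}@example.org", True) for i in range(6)]
    # Brute force: one account hammered with many password guesses.
    + [("192.0.2.55", "admin@example.com", False)] * 10
)


def flag_credential_stuffing(events, min_accounts=5, max_tries_per_account=2,
                             max_hit_rate=0.2):
    """Return {source_ip: summary} for sources that look like credential stuffing.

    Thresholds are illustrative assumptions and need tuning per service.
    """
    outcomes = defaultdict(lambda: defaultdict(list))
    for ip, user, ok in events:
        outcomes[ip][user].append(ok)

    flagged = {}
    for ip, by_user in outcomes.items():
        accounts = len(by_user)
        attempts = sum(len(results) for results in by_user.values())
        hits = sorted(u for u, results in by_user.items() if any(results))
        if accounts < min_accounts:
            continue  # too few accounts: ordinary user or single-account brute force
        if attempts / accounts > max_tries_per_account:
            continue  # repeated guessing per account is not the reuse pattern
        if len(hits) / accounts > max_hit_rate:
            continue  # mostly successful logins: shared egress IP, not an attack
        flagged[ip] = {"accounts_tried": accounts, "attempts": attempts,
                       "accounts_to_lock": hits}
    return flagged


if __name__ == "__main__":
    for ip, summary in flag_credential_stuffing(SAMPLE_EVENTS).items():
        print(ip, summary)
```

The `accounts_to_lock` list holds the accounts whose reused password worked, which are the ones a service would lock and force through a password reset.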
$0.0020 per Zoom account
Cyble, a cybersecurity intelligence firm, first discovered several free Zoom accounts posted on a hacker forum. The accounts were shared via a text-sharing site and were listed as email address and password combinations.
To warn the users, Cyble bought over 530,000 Zoom credentials from a seller for $0.0020 each. Many of the accounts belonged to people at prominent companies and educational institutions.
In response, a spokesperson said Zoom is locking the victims’ accounts and asking them to change their passwords. Meanwhile, it has hired security firms “to find these password dumps and the tools used to create them”.
What can you do?
According to Zoom, the breach does not affect “large enterprise customers that use their own single sign-on systems”. Still, we recommend that users change their Zoom login password, especially if the same password has also been used on other websites. Have I Been Pwned is a reputable website that tells you whether your email address has ever appeared in a breach.
This is not the first time Zoom users’ data has been leaked. Recently, thousands of Zoom meeting recordings were uploaded to the internet.