Zoom video conferencing program has witnessed an unprecedented degree of growth from the past month or so. This is principally due to the coronavirus pandemic that has compelled people to stay inside and work from home, leaving voice and video calls the only way of communicating. As a result of this sudden expansion, many privacy and safety issues surrounding Zoom have come to the fore. Now, a fresh report claims that over 500,000 Zoom accounts are hacked and are being marketed on the dark web.
A report by Bleeping Computer says that hackers are promoting these Zoom accounts for less than a cent each and in some cases, they are being given away for free. The report adds that this information about free Zoom reports being posted on cookie forums was first pointed out by Cybersecurity intelligence firm Cyble around April 1. The firm then achieved to the vendors of those accounts and bought 530,000 Zoom credentials at $0.0020 (roughly Rs. 0.15) per accounts, in an attempt to warn their clients of the breach.
The report also adds that these reports were hacked through credential stuffing attacks that use previously leaked reports to login to Zoom. The credentials which are successfully logged in are then compiled and offered to hackers. These kinds of attacks aren’t unique to Zoom, ” the report says.
All these Zoom accounts credentials include email address, passwords, private assembly URLs, and HostKeys, according to the report. It was also discovered that 290 accounts were associated with universities and colleges including the University of Vermont, Dartmouth, Lafayette, University of Florida, University of Colorado, and many others. Some accounts flew to renowned companies such as Citibank, Chase, and more. The two Bleeping Computer and Cyble claim they have verified a number of these accounts and that the credentials used were valid.
It is highly advisable that users change their Zoom passwords, particularly if the exact same password is used elsewhere. They should try to use unique passwords for every website. Users can also check if their email address was leaked by heading to Cyble’s AmIBreached service or Have I Been Pwned service.
This comes after Zoom confronted several allegations because of its security and privacy defects. CEO Eric Yuan also held a Livestream admitting that the issues and stating that the business is focusing on fixing them.