After the recent global lockdown due to Corona Virus Panadamic, one particular app see a humongous boom in its user base. That app was “ZOOM” the so-called Video Conferencing application. Which, out of the blue became the favorite of the majority of businesses, MNC’s and teaching institutions both in India and around the globe.
Recently there was news of Zoom’s security exploits being sold for up to $30,000 on the dark web.
When it seemed things could not possibly get any worse for Zoom they just did, and in a big way!
Over Five Hundred Thousand Zoom accounts are being sold in the dark web and hacker forums.
What’s more concerning is that this list is the result of “credential stuffing attacks”. For those of you who don’t understand what it means
Credential stuffing attacks are where hackers attempt to log in to Zoom using accounts leaked in older data breaches.
Successful logins are then collated into lists and sold on or offered for free to other hackers, with the intention of using them in zoom-bombing pranks or for malicious reasons.
The accounts are reportedly being shared via text sharing sites as lists of email addresses and password combinations. The accounts can include a victim’s email address, password, personal meeting URL, and their HostKey.
What this means is that all these 500 Thousand accounts being sold are completely legit and could be of anyone. Leaving everyone in a huge privacy threat.
Cybersecurity firm Cyble, which was able to purchase 530,000 Zoom credentials for less than a penny each at $0.0020 per account, said the Zoom accounts began appearing in the hacker community at the beginning of April, with hackers offering the accounts to build a reputation.
The finding underscores the importance of using unique passwords for each website where an account is registered. Concerned users are encouraged to check if their email address has been leaked in data breaches using the 🔗Have I Been Pwned website or Cyble’s 🔗AmIBreached data breach notification service, and change their Zoom password if used elsewhere.