The Zoom video conferencing app has seen an unprecedented level of growth in the past month or so. This is mainly because of the coronavirus pandemic, which has forced people to stay indoors and work from home, leaving voice and video calls as the only way of communication. Because of this sudden growth, several privacy and security concerns surrounding Zoom have come to the fore. Now, a fresh report claims that over 500,000 Zoom accounts have been hacked and are being sold on the dark web.
A report by Bleeping Computer states that hackers are selling these Zoom accounts for less than a penny each and, in some cases, giving them away for free. The report adds that the free Zoom accounts being posted on hacker forums were first pointed out by cybersecurity intelligence firm Cyble around April 1. The firm then reached out to the sellers of these accounts and bought 530,000 Zoom credentials at $0.0020 (roughly Rs. 0.15) per account, in an attempt to warn their customers of the breach.
The report also adds that these accounts were hacked through credential stuffing attacks, which use previously leaked accounts to log in to Zoom. The credentials that log in successfully are then compiled and sold to other hackers. These types of attacks are not unique to Zoom, the report states.
These Zoom account credentials include email addresses, passwords, personal meeting URLs, and HostKeys, according to the report. It was also found that 290 accounts were related to universities and colleges like University of Vermont, Dartmouth, Lafayette, University of Florida, University of Colorado, and others. Some accounts belonged to well-known companies such as Citibank, Chase, and more. Both Bleeping Computer and Cyble claim they have verified some of these accounts and that the credentials used were valid.
It is highly advisable that users change their Zoom passwords, especially if the same password is used elsewhere. They should try to use unique passwords for each site. Users can also check if their email address has been leaked by going to Cyble’s AmIBreached service or the Have I Been Pwned service.
This comes after Zoom faced several allegations over its security and privacy flaws. CEO Eric Yuan also held a livestream acknowledging the issues and stating that the company is working on fixing them.