500,000 Zoom accounts are being sold on the dark web

Hacked Zoom accounts have become merchandise that's sold en masse on the dark web and through hacker forums, new report claims.

According to BleepingComputer, which spoke to cybersecurity company Cyble, there are currently over 500,000 Zoom account credentials being sold, and while most of them seem to stem from earlier, unrelated hacks, some of them are genuine.

Cyble's experts noticed the influx of Zoom accounts for sale on April 1, and were able to purchase 530,000 of them at a bulk price of $0.002 per account. Some accounts, the report claims, are even being shared for free.

These credentials include a Zoom user's email address, password, personal meeting URL, and their host key — a six-digit pin tied to the owner's Zoom account, which is used to claim host controls for a meeting. And some of these account details belong to high-profile companies including Chase and Citybank, according to Cyble, which checked the veracity of the accounts belonging to some of their clients and confirmed they were valid.

Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter.By signing up you agree to our Terms of Use and Privacy Policy.Thanks for signing up!

Even though Zoom has had its share of security and privacy blunders, recently prompting the company to halt features development for 90 days in order to fix them, these account credentials do not appear to be a result of a Zoom hack. More likely, they've been gathered by a technique called credentials stuffing, in which hackers use older databases of stolen user account credentials and test them against Zoom accounts.

SEE ALSO:Man creates hilarious AI version of himself to take his spot during Zoom calls

This isn't the first time we've seen Zoom accounts circulated on the dark web, but previous reports saw a much smaller number of accounts being sold. Now that the numbers are in the hundreds of thousands, this is becoming a serious threat to Zoom users. These accounts can be used for simple trolling via bursting into someone's Zoom meeting unannounced, but also for eavesdropping and identity theft.

The practice of crashing someone's Zoom meeting has become so commonplace that it now has a name — Zoombombing — and while Zoom did address the issue in a recent update, this doesn't help if a hacker has your Zoom account credentials.

As always, the best protection from these types of attacks is never to re-use old passwords. That's where password management tools such as LastPass and Dashlane come in handy, as they allow you to store a large number of different account credentials and protect them all with one master password.

UPDATE: April 14, 2020, 9:20 p.m. CEST A Zoom spokesperson sent Mashable the following statement: "It is common for web services that serve consumers to be targeted by this type of activity, which typically involves bad actors testing large numbers of already compromised credentials from other platforms to see if users have reused them elsewhere. This kind of attack generally does not affect our large enterprise customers that use their own single sign-on systems. We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials. We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts.”

TopicsCybersecurity

最新评论