Credentials belonging to more than 500,000 Zoom users were stolen and sold on the dark web for less than a penny each.
The information was obtained through ‘credential stuff’, where data previously leaked in breaches are used to access different services.
A cybersecurity firm noticed an influx of Zoom accounts for purchase in a hacker forum on April 1 and were able to obtain 530,000 for just $0.002 each – some were also being shared for free.
The credentials included personal meeting URLs, email addresses and passwords, along with host keys that allow them to enter meetings and carry out ‘Zoomboming’ attacks.
Credentials belonging to more than 500,000 Zoom users were stolen and sold on the dark web for less than a penny each. The information was obtained through ‘credential stuff’, where data previously leaked in breaches are used to access different services
The forum was discovered by the cybersecurity company Cyble and first reported on by BleepingComputer.
A Zoom spokesperson told DailyMail.com: ‘It is common for web services that serve consumers to be targeted by this type of activity, which typically involves bad actors testing large numbers of already compromised credentials from other platforms to see if users have reused them elsewhere.’
This kind of attack generally does not affect our large enterprise customers that use their own single sign-on systems.
‘We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials.
Although a majority of the accounts belonged to users, some of them were details owned by big-name companies such as Chase and CityBank, according to Cyble that has cross referenced the details to confirm they were valid.
A cybersecurity firm noticed an influx of Zoom accounts for purchase in a hacker forum on April 1 and were able to obtain 530,000 for just $0.002 each – some were also being shared for free
The accounts were obtained through a tactic termed ‘credential stuffing’, which is why the National Security Agency (NSA) has warned users not to use the same credentials for multiple accounts.
‘If your username and password is compromised from Company A—who suffered a data breach—and you use that same username and password to login to your social media account, then that account could also be in jeopardy,’ the NSA shared in a 2018 statement.
- Google Hangouts Meet
- Zoho Meetings
- Cisco Webex Meetings
- Jitsi Meet
- Hibox Discord
‘We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts,’ Zoom toldDailyMail.com.
Zoom has become an essential service for millions of Americans who are self-isolating in order to limit the spread of the coronavirus.
However, hackers are using this opportunity for their own agendas and are breaking into meetings.
Internet trolls are ‘Zoombombing’ calls by displaying pornographic and racists content while users hold work conferences, online teaching sessions and even alcohol anonymous meetings – leaving many to wonder just how secure the service is.
Over the past few weeks, companies, government organizations and schools have all banned the use of the video-chatting software.
Google, the US Senate, NASA, SpaceX, Tesla, New York City SCHOOLS and the German Federal Foreign Office have all ditched the app for official business.
Last week Zoom Zoom sent out an update with a new security menu to make accessing privacy tools easier.
A dedicated security icon will feature at the bottom of the screen from which users can quickly access all the app’s safety features.
‘We recognize that various security settings in the Zoom client, while extremely useful, were also extremely scattered,’ the company said of the update.
‘The addition of this persistent Security icon helps augment some of the default Zoom security features in your profile settings and enables Zoom users to more quickly take action to prevent meeting disruption.’
In addition to the new centralized security menu, Zoom said meeting IDs would no longer be displayed on the title toolbar.
The company said this was to prevent others seeing active meeting IDs when ‘Zoom screenshots are posted publicly’, and using the information to crash meetings – a practice known as ‘Zoombombing’.