Report: More than 500,000 Zoom accounts stolen, sold on the dark web

Video conferencing app, Zoom has seen a surge in popularity in recent times, with many countries that are severely impacted by the COVID-19 pandemic imposing various forms of lockdown measures. This means that now, more than ever, professionals are relying on various remote working tools. However, Zoom has had its fair share of issues, mostly related to privacy and security.

A new problem has surfaced for Zoom, a report claims. According to BleepingComputer, over 500,000 Zoom accounts have been stolen, and sold on the dark web—some are sold for nominal sums, while other are even being given away for free.

These compromised accounts are then used by hackers in “zoom-bombing” attacks, where trolls enter zoom meeting rooms to broadcast unwanted, inappropriate content to participants.

How did this happen?

The stolen Zoom accounts were discovered by cybersecurity experts over at Cyble, with accounts first seen on hacker forums on the 1st of April, 2020. According to the report, certain stolen Zoom accounts are even being offered for free as perpetrators look to improve their reputation within the hacker community.

It must be noted that the issue doesn’t appear to be a fault on Zoom’s part. The accounts were stolen with credential stuffing attacks, where malicious parties login to Zoom accounts by using compromised account details from data breaches in the past.

In fact, the experts managed to purchase around 530,000 accounts in bulk for US$0.0020 (¬RM0.0086) per account, before alerting these users that their accounts had been compromised. The danger here, of course, is the private information stored within Zoom accounts. Email addresses, personal meeting URLs, and Zoom HostKey’s are all vulnerable.

Worringly, Cyble says that some of the stolen accounts belong to those from major corporations, including Citibank, as well as major Universities around the world. Zoom has issued a response:

“It is common for web services that serve consumers to be targeted by this type of activity, which typically involves bad actors testing large numbers of already compromised credentials from other platforms to see if users have reused them elsewhere. This kind of attack generally does not affect our large enterprise customers that use their own single sign-on systems. We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials.”

In short, you should change your password on Zoom if you’ve used the same password for accounts on other platforms/services. Credential stuffing attacks could happen on any site, so as a precaution, use unique passwords for each registration.

[ SOURCE ]