Categories: NewsTech

Report: More than 500,000 Zoom accounts stolen, sold on the dark web

Video conferencing app, Zoom has seen a surge in popularity in recent times, with many countries that are severely impacted by the COVID-19 pandemic imposing various forms of lockdown measures. This means that now, more than ever, professionals are relying on various remote working tools. However, Zoom has had its fair share of issues, mostly related to privacy and security.

A new problem has surfaced for Zoom, a report claims. According to BleepingComputer, over 500,000 Zoom accounts have been stolen, and sold on the dark web—some are sold for nominal sums, while other are even being given away for free.

These compromised accounts are then used by hackers in “zoom-bombing” attacks, where trolls enter zoom meeting rooms to broadcast unwanted, inappropriate content to participants.

How did this happen?

The stolen Zoom accounts were discovered by cybersecurity experts over at Cyble, with accounts first seen on hacker forums on the 1st of April, 2020. According to the report, certain stolen Zoom accounts are even being offered for free as perpetrators look to improve their reputation within the hacker community.

SOURCE: Malay Mail

It must be noted that the issue doesn’t appear to be a fault on Zoom’s part. The accounts were stolen with credential stuffing attacks, where malicious parties login to Zoom accounts by using compromised account details from data breaches in the past.

In fact, the experts managed to purchase around 530,000 accounts in bulk for US$0.0020 (¬RM0.0086) per account, before alerting these users that their accounts had been compromised. The danger here, of course, is the private information stored within Zoom accounts. Email addresses, personal meeting URLs, and Zoom HostKey’s are all vulnerable.

SOURCE: BleepingComputer

Worringly, Cyble says that some of the stolen accounts belong to those from major corporations, including Citibank, as well as major Universities around the world. Zoom has issued a response:

“It is common for web services that serve consumers to be targeted by this type of activity, which typically involves bad actors testing large numbers of already compromised credentials from other platforms to see if users have reused them elsewhere. This kind of attack generally does not affect our large enterprise customers that use their own single sign-on systems. We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials.”

In short, you should change your password on Zoom if you’ve used the same password for accounts on other platforms/services. Credential stuffing attacks could happen on any site, so as a precaution, use unique passwords for each registration.

[ SOURCE ]

Recent Posts

Nissan Kicks e-Power now open for booking in Malaysia, priced below RM130,000

Edaran Tan Chong Motor (ETCM) has announced that the Nissan Kicks e-Power is now open…

3 hours ago

TikTok, Content Forum and UiTM empowers students with Digital Literacy to promote a safer digital space

TikTok in partnership with Communications and Multimedia Content Forum of Malaysia (CMCF) have recently organised…

5 hours ago

Tesla owners in Malaysia can finally use the Autopark feature

Tesla owners in Malaysia have reported that their vehicles can now perform the Autopark feature.…

5 hours ago

Asus ROG Phone 9 series launching in Malaysia on 10th December 2024

After unveiling its latest smartphones, the Asus ROG Phone 9 series, to the world, Asus…

6 hours ago

WhatsApp Voice Message Transcripts converts voice into text

WhatsApp has introduced a new Voice Message Transcripts feature which allows users to easily convert…

12 hours ago

Every Transaction Could Make You a Monthly Millionaire – Here’s How with Maybank’s MAE

This post is brought to you by Maybank. Unlock more than just transactions with MAE’s…

23 hours ago

This website uses cookies.