500,000 Hacked Zoom Accounts Being Sold on Dark Web: Report

Zoom accounts were reportedly being sold for $0.0020 (roughly Rs. 0.15) per account and in some cases, given away for free.

By Vineet Washington | Updated: 14 April 2020 18:08 IST

500,000 Hacked Zoom Accounts Being Sold on Dark Web: Report

Photo Credit: BleepingComputer

Hacked Zoom accounts included college students from several universities

Highlights

Over 500,000 Zoom accounts are reportedly being sold on the dark web
The accounts include email address, passwords, personal meeting URLs, etc
The Zoom accounts were gathered using credential stuffing attacks

Zoom video conferencing app has seen an unprecedented level of growth in the past month or so. This is mainly because of the coronavirus pandemic that has forced people to stay indoors and work from home, leaving voice and video calls the only way of communication. Because of this sudden growth, several privacy and security concerns surrounding Zoom have come to the fore. Now, a fresh report claims that over 500,000 Zoom accounts have been hacked and are being sold on the dark web.

A report by Bleeping Computer states that hackers are selling these Zoom accounts for less than a penny each and in some cases, they are being given away for free. The report adds that this information about free Zoom accounts being posted on hacker forums was first pointed out by Cybersecurity intelligence firm Cyble around April 1. The firm then reached out to the sellers of these accounts and bought 530,000 Zoom credentials at $0.0020 (roughly Rs. 0.15) per account, in an attempt to warn their customers of the breach.

The report also adds that these accounts were hacked through credential stuffing attacks that use previously leaked accounts to login to Zoom. The credentials that are successfully logged in are then compiled and sold to other hackers. These types of attacks are not unique to Zoom, the report states.

These Zoom account credentials include email address, passwords, personal meeting URLs, and HostKeys, according to the report. It was also found that 290 accounts were related to universities and colleges like University of Vermont, Dartmouth, Lafayette, University of Florida, University of Colorado, and others. Some accounts belonged to well-known companies such as Citibank, Chase, and more. Both Bleeping Computer and Cyble claim they have verified some of these accounts and that the credentials used were valid.

It is highly advisable that users change their Zoom passwords, especially if the same password is used elsewhere. They should try to use unique passwords for each site. Users can also check if their email address has been leaked by going to Cyble's AmIBreached service or Have I Been Pwned service.

This comes after Zoom faced several allegations for its security and privacy flaws. CEO Eric Yuan also held a livestream acknowledging the issues and stating that the company is working on fixing them.

Mi TV 4X vs Vu Cinema TV: Which is the best budget TV in India right now? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.