Over half a million Zoom accounts being sold on hacker forum

A hacker is selling 500,000 zoom account credentials on the dark web and an infamous hacker forum putting the privacy of users at risk.

The sold Zoom data has been analyzed by cyber security researchers at Cyble who have labeled it as authentic.

With the popularity of Zoom rising globally due to the increasing use of video conferencing amid COVID-19, even its CEO has started hating the daily online meetings. But of more concern for him perhaps has got to be the security problems emerging as his company struggles to adjust with the daily influx of users.

In the latest, this takes shape in the form of a report by an IT security firm named Cyble who has revealed that over 530,000 Zoom account credentials are being sold on the dark web and an infamous hacker forum, some for free and some for as low as a fraction of a penny. The motives of the hackers are not known although they may be for fame purposes.

It is noteworthy that just a few days ago hackers were found sharing verified login details of verified Zoom accounts on the dark web for free. At the time, their intention was to get those credentials used in Zoombombing, which occurs when a meeting is disrupted or crashed abruptly. 

As for the latest listening, researchers believe it surfaced on the 1st of April, 2020. The accounts were being posted on different hacker forums due to an attack vector named credential stuffing in which attackers try using already exposed credentials online by plugging them into the accounts of the same person on a different platform.

See: Fake Coronavirus vaccine, patients’ blood & saliva sold on dark web

This means if you are using the same password that was compromised years ago, your Zoom account can then also be broken into this way. This does not though mean that Zoom in itself was hacked.

Screenshot of the hacker forum where the data is being sold (Image: Hackread.com)

According to researchers, these accounts belong to notable institutes and organizations including the Universities of Vermont, Colorado, Dartmouth, Florida, Lafayette, and companies such as Chase and Citibank making the threat far more serious than just Zoom-bombing. Critical information, particularly of companies can be at risk through online eavesdropping.

To investigate further, Cyble purchased about 530,000 such accounts at a price of $0.0020 each totaling $10.60.  These included email addresses, passwords, links of personal meetings and host keys which are used to claim one’s position as a host upon joining a meeting.

Sample data via Cyble

Furthermore, some of the credentials obtained were also tested and appeared to work which means that the data is indeed legitimate even if some of them may have become useless now due to password changes.

In an exclusive conversation with CEO and Founder of Cyble, Mr. Beenu Arora told Hackread.com that,

“The data was shared with us privately via an App (Telegram) with a Russian-speaking actor. At this point, we have just tested some samples, and a good portion of the samples seems valid. Since Zoom’s user base has expanded so rapidly and with all media coverage, researchers and hackers are looking into them more closely and finding these issues.”

Logan Kipp, director at SiteLock discussed the credential stuffing attack and Zoom’s security with Hackread.com stating that,

“While Zoom’s ease of use has made it popular among users, it would be inaccurate to blame its security issues on this alone. The best way for users to protect themselves is to ensure they utilize a meeting pin and have the host admit attendees to the meeting individually. With the sudden shift to remote work, businesses should educate their employees on security best practices when working remotely and ensure that a VPN is always used when working with business-related materials.”

To conclude, currently, it is recommended that all Zoom users change their passwords to reflect stronger ones along with making sure that they are not re-using their passwords elsewhere keeping in mind the credential stuffing technique mentioned above.

Hackread’s Exclusive: Personal data of 1.41m US doctors sold on hacker forum

For your peace of mind, you can know if you have been compromised in data breaches by entering your email address on services like Have I Been Pwned and Am I Breached. They will also let you know the specific data breaches that led to the compromise in question allowing you to take targeted prompt action.

Did you enjoy reading this article? Kindly do like our page on Facebook and follow us on Twitter.

Related Posts