Half a million Zoom accounts for sale on the dark web
Cyber-criminals are selling the credentials for a fraction of a penny each on hacker forums on the dark web – a hidden section of the internet that requires special software to access.
Researchers at online security firm Cyble first discovered the trove of data, which includes the email addresses and associated passwords of around 530,000 Zoom users.
Top ArticlesWhite man arrested for setting fire to the historic courthouse during protests over the police killing of George Floyd
It is believed that the account details were gathered from third-party data breaches rather than a hack on Zoom directly. Using a technique known as credential stuffing, hackers are able to link login details that are used for more than one online account in order to compromise another.
Cybersecurity experts responded to the dark web listings by reiterating the common-sense security practice of not using the same password across multiple websites and apps.
“Hackers use very simple tools to re-use passwords that are stolen in separate data breaches – an attack known as ‘password stuffing’. They are then able to quickly attempt to access all accounts with the same email address as the user name,” said Jake Moore, a security specialist at antivirus firm ESET.
“Zoom users must never use the same password anywhere else, but it is especially crucial that the same password is not used for their email account too, or the attacker would be able to send invites from the victim, making the attack even more dangerous.”
Despite Zoom not being directly implicated, the discovery once again raises security concerns about the video chat app, which has seen a huge surge in popularity in recent weeks as a result of coronavirus containment measures forcing people to work from home.
The company has been criticized for the way it handles users’ personal information, as well as a phenomenon, is known as “Zoombombing”, whereby strangers join meetings and disrupt conversations with offensive language and behavior.