Cybersecurity researchers have found that more than 500,000 of the credentials of Zoom Accounts Hacked, those who attended office telephone conferences using the Zoom video conferencing application were sold or distributed free of charge on the Dark Web.
For those who don’t know, Zoom’s popularity has recently increased dramatically as more and more people are forced to work from home amid the coronavirus pandemic (COVID-19).
The accounts discovered by the Cybersecurity Cyble intelligence company were sold on pirate forums for less than a penny for each account, while some were distributed free of charge.
Cyble was able to purchase 530,000 Zoom credentials for $ 0.0020 for each account, including details such as email addresses, passwords, personal meeting URLs, and Zoom host keys (one six-digit pin associated with the owner’s account )
Several sales accounts belonged to institutions or companies, especially Citibank, Chase, etc., as well as universities and colleges such as the University of Vermont, Dartmouth, Lafayette, the University of Florida, the University of Colorado, and others.
Bleeping Computer and Cyble verified the authenticity of accounts belonging to some of their customers and verified their validity.
Zoom accounts began to go on sale around April 1, and hackers are offering accounts to build a reputation among pirated communities, Cyble BleepingComputer said.
According to the report, accounts for sale on the dark web are the result of “credential jamming attacks” rather than Zoom accounts hacked. This means that hackers used password-email combinations obtained from accounts that were discovered during earlier hacking of data to check them on Zoom accounts.
Successful connections are then compiled into lists that are sold or offered free of charge to other hackers so that they can use them as jokes with zoom bombings (in which uninvited participants interrupt meetings with hateful content or pornographic content) and malicious activity.
These accounts will be transmitted through text-sharing sites where published lists of email addresses and passwords are published.
How to verify that your Zoom account has been hacked?
If you think your email address is leaked, you can check it using the AmIBreached data breach notification service from Cyble’s and Have I Been Pwned then change your Zoom password, especially if this password is used elsewhere.
In order not to divulge your account information, it is recommended to use unique passwords for each website, service, and application that you use.
Zoom received a negative reaction to damaged privacy and security measures. The company’s CEO, Eric Yuan, also acknowledged these concerns, saying: “[We] acknowledge that we have not met the expectations of the community – and ours – in terms of privacy and security. I’m sorry about that. ”
Recently, Zoom announced a 90-day blocking of functions and allocated its resources to identify, solve and solve existing security problems in the service. During this period, no new features will be deployed until the current feature set has been fixed.