The seller likely obtained the Zoom login credentials by exploiting past data breaches, which contain email addresses alongside previously used passwords, according to security firm Cyble.
3 min read
This story originally appeared on PCMag
Security firm Cyble says thousands of breached Zoom accounts have been circulating in underground hacker forums since April 1. The company told BleepingComputer it purchased access to 530,000 Zoom login credentials for a mere $0.0020 per account.
In return, the seller gave Cyble access to account holders’ email addresses, passwords, personal meeting URLs, and their host keys, which can be used to claim “host controls” for a Zoom meeting.
The seller likely obtained the Zoom login credentials by exploiting past data breaches, which contain email addresses alongside previously used passwords. With the aid of automated software tools, a hacker can plug in thousands of potential logins into an internet service to find out the right combinations to break into someone’s user account.
Other services including Amazon, Netflix, and Disney+ are also regularly targeted with automated account hijacking attacks. So it’s strongly recommended you use hard-to-guess, unique passwords on your online accounts. (To help you remember the logins, consider a password manager.)
In Zoom’s case, an account hijacking could be especially serious for people who use the video conferencing service for sensitive business meetings or government purposes. Accessing a Zoom account will also display all the meetings a person has scheduled on the service, with easy access to attend them. According to Cyble, the accounts it bought from the dark web seller appear to be connected to well-known companies such as Chase, Citibank, and educational institutions.
“The data was shared with us privately via an App (Telegram) with a Russian-speaking actor,” Cyble CEO Beenu Arora told PCMag. “At this point, we have just tested some samples, and a good portion of the samples seem valid.”
He expects hackers to continue to target Zoom, given its sudden popularity as a video conferencing option for government agencies, businesses, and consumers.
In response, Zoom says it’s working to crack down on the hacking activities. “We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials,” the company told PCMag. “We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts.”
To change your password, you’ll need to log into Zoom’s website, and go to your account. Under the profile tab and at the section “Sign-In Password,” you can edit your login credential. Unfortunately, Zoom doesn’t appear to offer two-factor authentication for free basic users.