Researchers found and bought more than 500,000 Zoom passwords on the dark web for less than a cent each

Researchers at cybersecurity firm Cyble found upwards of 500,000 Zoom accounts up for grabs on hacker forums and the dark web, Bleeping Computer reports.

  • Cyble was able to purchase 530,000 accounts for $0.0020 each, and some were being given away for free to enable "Zoombombing" attacks.
  • This doesn't mean Zoom got hacked: the accounts were obtained using "credential stuffing", where hackers use passwords and emails leaked in previous data breaches.
  • If you use the same email and password across lots of different accounts, including your Zoom account, you should try and change to a unique password.

Cybersecurity researchers found the credentials for more than 500,000 Zoom accounts either for sale or even being given away for free on the dark web, as reported by Bleeping Computer.

Cybersecurity firm Cyble discovered the accounts, many of which were being sold for less than a penny per account. Some were being given away in bulk for free on hacker forums so that people could use them for "Zoombombing", a form of trolling where malicious actors drop into Zoom calls and post graphic or offensive content.

Cyble was able to purchase roughly 530,000 accounts for $0.0020 each, thereby obtaining their email address, password, personal meeting URL, and host key (the 6-digit PIN Zoom meeting hosts can use). Many of the accounts for sale belonged to companies or institutions including Chase, Citibank, and numerous universities. The firm told Bleeping Computer that it had been seeing accounts pop up for sale since April 1, with the posters seeking to boost their reputation among hacker communities.

This doesn't mean Zoom got hacked. Although the videocall service has been beset with privacy issues since the onset of the coronavirus drove millions more people to its service, the accounts for sale on the dark web were obtained using "credential stuffing" attacks. This means hackers used password-email combinations obtained through previous hacks and tried their luck on people's Zoom accounts, meaning people who re-use previously-hacked passwords would be vulnerable.

Effective ways to defend against credential stuffing include using unique passwords for every site you visit online, and checking whether your email address has been leaked in previous data breaches using Have I Been Pwned.
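For service operators, the pattern described above is also visible in login logs: one source tries many different accounts, usually once each, and nearly all attempts fail. The sketch below is an added example, not code from Cyble, Zoom or Bleeping Computer; the event format, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample auth events: (source_ip, account_email, login_succeeded)
SAMPLE_EVENTS = (
    # One source trying 50 different accounts once each; 2 reused passwords work.
    [("203.0.113.7", f"user{i}@example.com", i % 25 == 0) for i in range(50)]
    # A real user mistyping their own password, then getting it right.
    + [("198.51.100.4", "alice@example.com", False)] * 3
    + [("198.51.100.4", "alice@example.com", True)]
    + [("192.0.2.9", "bob@example.com", True)]
)

def flag_credential_stuffing(events, min_accounts=20, max_success_rate=0.10):
    """Return {ip: stats} for sources whose logins look like credential stuffing.

    Heuristic (thresholds are assumed, tune per service): a single source
    tries many distinct accounts and almost all attempts fail, because leaked
    email/password pairs only work for users who reused that password.
    """
    per_ip = defaultdict(
        lambda: {"attempts": 0, "successes": 0, "accounts": set(), "hit": set()}
    )
    for ip, account, ok in events:
        s = per_ip[ip]
        s["attempts"] += 1
        s["accounts"].add(account)
        if ok:
            s["successes"] += 1
            s["hit"].add(account)

    flagged = {}
    for ip, s in per_ip.items():
        rate = s["successes"] / s["attempts"]
        if len(s["accounts"]) >= min_accounts and rate <= max_success_rate:
            flagged[ip] = {
                "distinct_accounts": len(s["accounts"]),
                "success_rate": round(rate, 3),
                # Accounts the flagged source got into: force a password reset.
                "accounts_to_reset": sorted(s["hit"]),
            }
    return flagged

if __name__ == "__main__":
    for ip, stats in flag_credential_stuffing(SAMPLE_EVENTS).items():
        print(ip, stats)
```

The repeated failures from `198.51.100.4` are not flagged because they all target a single account, which is what separates a mistyped password from stuffing.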
