Zoom users beware! Details of over 5 lakh accounts listed on dark web for less than a penny
Zoom has been in the middle of a privacy storm for quite some time. Now, the app has another thing to worry about. Details of over five lakh account holders have been listed on the dark web.
According to a report by Bleeping Computer, account details of over 5 lakh accounts are being sold on dark web and other hacker forums for less than a penny. In some cases, these details are being given away for free.
These account credentials have been gathered via stuffing attacks wherein hackers attempt to login into users' Zoom accounts using accounts leaked in older data breaches. The successful logins are then compiled into a list and then sold to other hackers via dark web or via hacker forums.
The report further states that in some cases these account details are given away for free to hackers on various hacker forums so that they can be used in malicious activities.
Cybersecurity security firm Cyble told the publication that it began seeing free Zoom accounts being posted on hacker forums on April 1 this year. The account information included details such as users' email addresses, passwords, their personal meeting URLs, and their HostKey. The cyber-security firm also told the publication that the account credentials were shared with the hackers via text sharing sites wherein treat actors post lists of email addresses and password combinations.
Cyble said that it was able to reach out to a number of Zoom users mentioned in these lists which includes users from Citibank, Chase, educational institutions such as the University of Florida and Dartmouth among others. It was also able to confirm that the details present in these listings were indeed valid credentials. However, in one case a user told the company that the listed password was an old one, which indicates that the credentials available on these hacker forums are from older stuffing attacks.
Zoom hasn't responded to the matter yet. In the meantime, Zoom users can change their account passwords in order to safeguard their accounts.