500,000 Zoom Accounts are Hacked and Given Away For Free On The Dark Web

By: EdTecInfo
2020-Apr-15

 

As the new users of businesses, schools, and other organizations have signedup to the Zoom video conferencing platform to meet during the Coronavirus pandemic.

The cyber risk assessment experts at Cyble recently discovered a hacker selling stolen Zoom credentials at dirt-cheap prices — and in some cases giving them away for free. Cyble purchased more than 530,000 on an underground hacking forum for next to nothing. Several of the company’s clients were among the stolen credentials, which also included personal meeting URLs and Zoom host keys. Cyble reached out and confirmed that the credentials were indeed valid.

Bleeping Computer also got in touch with some of the compromised account owners and were told that the passwords were correct. In at least one case, however, the password listed was one that the user had long since changed. 

It’s likely that most — if not all — of the half-million-plus passwords on offer are old. They might be new to the Zoom accounts in question but may well have been used elsewhere by the same individuals.


Password re-use remains a huge security issue for the general users as users feel like they can’t remember yet another password so they set up new accounts using an old stand-by.

The problem is that by now all of those old stand-by passwords have been filed away in databases by criminal hackers. They’re actively using them to break into accounts using brute force attacks.

Usernames, email addresses, and passwords have been exposed by the billions over the past several years. Creating a new account on Zoom — or any service, for that matter — is simply not a good idea.

Hackers will come knocking. It’s not a question of if. It’s a question of when.

To keep your own account from falling victim to a brute force attacks use unique, strong passwords. Passwords so strong you can’t even remember them.

If you set up a Zoom account recently using one of your old passwords used in facebook, twitter, email or else where reset it to something much more secure than previous one.



Author: Ashmee

Address: Kathmandu, Nepal

leave a comment