Zoom Credentials Being Sold in Bulk on the Dark Web

Credentials to hundreds of thousands of Zoom accounts are currently being sold for fractions of pennies on the dark web. 

The market for Zoom accounts was initially discovered and reported by Cyble, a cybersecurity firm, which was able to purchase the email addresses, passwords, meeting URLs, and HostKeys to roughly 530,000 accounts for $0.0020 each. The account information is assumed to have been acquired via credential stuffing attacks, where login information from previous data breaches and leaks are leveraged against other accounts. 

In some cases, account information is being given away for free in an attempt to boost the reputation and credentials of hackers. 

“We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts,” said Cyble in a statement to BleepingComputer.com.

While Zoom has recently experienced a litany of security and privacy woes following massive growth in the wake of the Covid-19 pandemic, the compromised accounts are more likely the result of poor user data hygiene and re-use of passwords. Zoom users are encouraged to change passwords to any connected accounts, only use unique passwords, and to check whether their email addresses have been compromised on websites and services such as haveibeenpwned.com.

Worried about your cybersecurity needs? Contact Nodal today to get assistance with protecting your company and your remote workforce.