Account Information of Hundreds of Thousands of Zoom Users Sold on Hacker Forums


A cybersecurity company has announced that the account information of hundreds of thousands of Zoom users is being sold on hacker forums and on the dark web. Well-known companies as well as various educational institutions were affected by the attack.

Cybersecurity company Cyble reported that members of a hacker community have begun publishing Zoom account information on the dark web and hacker forums to gain more reputation. Hundreds of thousands of Zoom users were affected by the leak.

The published information includes accounts from many educational institutions such as the University of Vermont, University of Colorado, Dartmouth, Lafayette, and University of Florida, as well as Zoom accounts of various companies. A user affected by the attack said that the password on the list was outdated and that the leak may have been caused by previous attacks.

530,000 Zoom users affected by data breaches
Cyble, which found that a seller was sharing account information on a hacker forum, started buying account information to warn its customers of potential attacks. The company was able to purchase the credentials of approximately 530,000 Zoom users by paying $0.0020 per account. The information purchased includes the victims’ email address, password, personal URL, and HostKeys.

Cyble said the leaks included accounts from banking companies such as Chase and Citibank, various educational institutions, and many other well-known companies. The company also identified accounts belonging to its own customers and confirmed that they were valid account credentials.

“Change your Zoom password for your security”
Users affected by credential stuffing attacks are advised to change the passwords of their Zoom accounts. Zoom users can also check whether their accounts have been leaked through the Have I Been Pwned and Cyble’s AmIBreached websites. Both services check the status of your credentials using your email address.

Cyble noted that credential stuffing attacks are largely targeting Zoom users, but the stolen accounts are not specific to the video conferencing service.