According to Bleeping Computer, more than 500,000 Zoom accounts were offered for sale on the dark web and also on hacker forums, with some others being distributed for free.
Using previously leaked account logins and passwords, hackers were able to test new credentials, and the ones that worked were resold to other hackers. While some bills were distributed for free, those that were sold cost around R $ 0.10 per one. Bleeping Computer contacted some of these accounts and was able to prove that some commercialized credentials were actually valid.
In an attempt to alert some of its customers to the leak of information, the digital security and intelligence company Cyble has bought about 530,000 credentials. The data provided for each account included the user’s email address, password, personal meeting URL and HostKey.
Cyble said the accounts belong to people from numerous large companies, such as Chase and Citibank, as well as dozens of universities around the world. The company also confirmed with some of its customers that the credentials made available by the hackers were legitimate.
After the new coronavirus pandemic, the quarantine decree in several countries caused thousands of people to start working and studying from home. In this sense, videoconferencing applications have seen a significant increase in popularity, including Zoom.
The problem is that, as Zoom became popular, several security issues involving the app’s platform were also exposed.
Keep your account safe
Despite the risk of leaking credential information, creating a secure password can be useful to prevent your data from being exposed.
With each leak of credentials, if you have an account on the related platform, changing the password is highly recommended.