• Half a million Zoom accounts have been sold

    Date:15 April 2020 Author: Kyro Mitchell Tags:,

    Zoom has seen a significant rise in popularity as a majority of the world’s workforce are working from home. While Zoom’s benefits, like a range of video and web conferencing feature are clear for all to see, it appears as though the application is not as secure as most would like it to be.

    According to reports from Bleeping Computer and Cyble, the credentials of over 500,000 Zoom accounts were being sold for a cut-price on the darkweb.

    Cyber risk intelligence company Cybel reached out to the seller of the Zoom accounts and managed to purchase 530,000 Zoom credentials at around 50c ($0.0020) each. “These accounts are shared via text sharing sites where the threat actors are posting lists of email addresses and password combinations,” as reported by Bleeping Computer.

    The Zoom credentials being sold reportedly include vital information like email addresses, meeting URLs, passwords, and of course HostKeys, a six-digit pin tied to the owner’s Zoom account, which is used to claim host controls for a particular meeting.

    What makes this breach in security even more worrying is the fact that most of the accounts belonged to well-known companies such as Chase, Citibank, and 290 universities and colleges.

    Zoom responded to this breach in a statement to Mashable on 14 April – “This kind of attack generally does not affect our large enterprise customers that use their own single sign-on systems. We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials. We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts.”

    Image: Pixabay