Jessica Goodfellow
Apr 15, 2020

Thousands of Zoom accounts are being sold on the dark web

TECH BITES: More than half a million Zoom accounts are being sold or shared on the dark web.

Thousands of Zoom accounts are being sold on the dark web

A cybersecurity firm has discovered huge volumes of Zoom account details and passwords being sold to hackers on the dark web—which helps explain why there have been so many reports of 'Zoombombing' recently.

Cybersecurity intelligence firm Cyble told publisher BleepingComputer that it was able to purchase approximately 530,000 Zoom credentials—that includes stolen email addresses, passwords, personal meeting URLs, and HostKeys—on the dark web for less than a penny each. It purchased the stolen credentials to warn its customers of a security breach. Cyble said the stolen accounts include ones for well-known companies such as Chase and Citibank, and educational institutions.

The company has also noticed account details being shared for free on hacker forums since the beginning of April.

It is believed that the stolen account details were gathered from past data breaches and linked to Zoom accounts that use the same email address and password combinations—a technique known a credential stuffing.

In a statement sent to Campaign, Zoom said they have already hired intelligence firms to help find these "password dumps" so that they can reset affected users' passwords. Here's the full statement:

It is common for web services that serve consumers to be targeted by this type of activity, which typically involves bad actors testing large numbers of already compromised credentials from other platforms to see if users have reused them elsewhere. This kind of attack generally does not affect our large enterprise customers that use their own single sign-on systems. We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials. We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts.

This is the latest in a string of privacy and security concerns surrounding Zoom, which has shot up in popularity as many countries around the world have entered lockdown. This includes privacy violations that apparently put Zoom in breach of GDPR until recently.

The availability of stolen logins on the dark web could help explain why there have been so many reports of 'Zoombombing' over the past few months, in which a hacker breaks into a private meeting to cause disruption. A recent incident in Singapore saw hackers intercept a school lesson and broadcast obscene pictures to some students, leading the government to temporarily ban schools from using the video-conferencing tool. The Ministry of Education is now allowing schools to progressively resume the use of Zoom after having introducing additional layers of defence.

This article is filed under...
Tech Bites: Brief adtech and martech news items

Have a tech or media tidbit that could be included in this column? Email us at: [email protected]

 

Source:
Campaign Asia

Related Articles

Just Published

1 day ago

Creative Minds: How Yuhang Lin went from dreaming ...

The Shanghai-based designer talks turning London Tube etiquette into a football game, finding inspiration in the marketing marvels of The Dark Knight, and why he wants to dine with Elon Musk.

1 day ago

Happy holidays from team Campaign!

As the Campaign Asia-Pacific editorial team takes a holiday bulletin break until January 6th, we bid farewell to 2024 with a poetic roundup of the year's defining marketing moments—from rebrands that rocked to cultural waves that soared.

1 day ago

Year in review: Biggest brand fails of 2024

From Apple’s cultural misstep to Bumble’s billboard backlash and Jaguar’s controversial rebrand, here’s Campaign’s take on the brands that tripped up in 2024, offering lessons in creativity, cultural awareness, and the ever-tricky art of reading the room.

1 day ago

Former GroupM China executives to face Shanghai ...

EXCLUSIVE: The trio will appear before Shanghai's Intermediate Court next week, marking the latest chapter in the bribery scandal that rocked WPP's GroupM China in October last year.