The login details of at least half a million Zoom accounts have been sold on dark websites and hackers. They are sold at minimal cost and sometimes even given for free (via BleepingComputer).
Sign-in attack exposes account information
Login credentials are obtained through replenishment additions – hackers attempt to login to Zoom using data from previous violations. The credentials that result in successful signups are sold for negligible amounts or given away for free. (Cybersecurity firm Cyble bought approximately 530,000 credentials for $ 0.0020 per account.) Hackers can then “zoom in” on the victims or perform other attacks and jokes. Some degrees were associated with educational institutions or large banks.
More bad news for Zoom?
All this seems like bad news to Zoom. And in the end it is. However, there are a few things to keep in mind. First, it is likely that hackers acquired some of the credentials that were currently sold in previous padding attacks. Second, attacks of this kind are not specific to Zoom. However, this emphasizes two things:
- Use a strong password, preferably with a third-party password manager or Apple’s keychain feature, and change it regularly.
- Take precautions to stay safe when using Zoom. A simple, but by no means exhausting step is to close the room when your meeting has started.