Hundreds of thousands of Zoom accounts are being sold or given away for free on the dark web and hacker forums, according to a new report by BleepingComputer.
Zoom has surged in popularity in recent weeks as the number of people working from home has increased, but concerns about the videoconferencing app’s security have also made the headlines. However, the availability of Zoom accounts on the dark web does not appear to be a direct consequence the app’s failings.
Rather, the sale of the login details are said to be the result of “credential stuffing attacks,” where hackers attempt to log in to Zoom using accounts leaked in older data breaches.
Successful logins are then collated into lists and sold on or offered for free to other hackers, with the intention of using them in zoom-bombing pranks or for malicious reasons.
The accounts are reportedly being shared via text sharing sites as lists of email addresses and password combinations. The accounts can include a victim’s email address, password, personal meeting URL, and their HostKey.
Cybersecurity firm Cyble, which was able to purchase 530,000 Zoom credentials for less than a penny each at $0.0020 per account, said the Zoom accounts began appearing in the hacker community at the beginning of April, with hackers offering the accounts to build reputation.
The finding underscores the importance of using unique passwords for each website where an account is registered. Concerned users are encouraged to check if their email address has been leaked in data breaches using the Have I Been Pwned website or Cyble’s AmIBreached data breach notification service, and change their Zoom password if necessary.