Zoom account credentials of more than 500,000 users are being sold on the dark web as the video conferencing service has gained momentum in the past few months. Due to the Coronavirus outbreak in different parts of the world, people and businesses are forced to work from home and as such, video conferencing services are picking up more users with each passing day.
Zoom gained popularity as schools and corporates started using zoom’s video conferencing app, gaining as much as 2.22 million users by February. By March, the service clocked 200 million daily average users, but Zoom was also subjected to scrutiny after it was found lacking in several privacy and security norms that led to a blanket ban by the schools in New York City.
Now, according to the latest report by Bleeping Computer, more than 500,000 Zoom credentials are being sold online on forums and the dark web “for less than a penny each, and in some cases, given away for free.” The report states that the Zoom accounts started surfacing on hacker forums and communities to gain reputation points.
Zoom account details of colleges including the University of Vermont, University of Colorado, Dartmouth, Lafayette and the University of Florida have been posted for free on one of the forums. The leaked account details reveal a user’s email address, password, meeting URLs and HostKeys and is that alarming enough.
Cyble, a cybersecurity firm has been tracking the developments in this space and was able to purchase as many as 530,000 Zoom account details at around $0.0020 per account. The firm has revealed that the listing they have contains Zoom details of companies such as Citibank and more.
In a statement issued to Bleeping Computer, Zoom says that it is already working on strengthening its security measures in place and that this attack doesn’t affect its enterprise consumers because they use single sign-on systems. “We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials,” the statement reads.
If you’re someone who’s used Zoom in recent months and this attack on the video conferencing service bothers you, in a personal capacity you can ensure the safety of your account details by charging the password. Another tip is to use a unique password for Zoom than all your other passwords, adding a second layer of security.