The firm, Cyble, told the website that it purchased the Zoom credentials for only 0.20 cents (0.80 sen) each, claiming that it will use the info to warn its customers of the potential breach.
Cyble said it was able to verify that some of the accounts are valid based on its customers’ info.
The purchased accounts include details such as email address, password, meeting web address and host key, which is a six-digit pin assigned to a user hosting a Zoom meeting.
The host key allows a person to control a zoom meeting, including starting a live stream and ending it for all participants.
Cyble first discovered that the accounts were on sale for others to buy for malicious activities like "Zoom-bombing”, which allows an uninvited guest to hack into a Zoom meeting, on April 1. Some of the accounts were offered for free.
The firm explained that the Zoom accounts were likely obtained by using user details leaked from other data breaches, also known as "credential stuffing attacks".
Successful logins were then compiled into a list and offered to other hackers on the dark web.
This underscores the importance of using a unique password for each online site. Otherwise hackers could use details gleaned from one breached site to break into other accounts.
You can check if your details have been leaked online due to a data breach at Have I Been Pwned or Cyble's AmIBreached.