Over 500,000 Zoom accounts on sale on dark web for less than 1 sen each


  • Technology
  • Tuesday, 14 Apr 2020

You can check if your details have been leaked online at Have I Been Pwned or Cyble's AmIBreached. — Bloomberg

A cybersecurity firm claimed it has purchased about 530,000 Zoom accounts from a hacker on the dark web, according to a report by website BleepingComputer.

The firm, Cyble, told the website that it purchased the Zoom credentials for only 0.20 cents (0.80 sen) each, claiming that it will use the info to warn its customers of the potential breach.

Cyble said it was able to verify that some of the accounts are valid based on its customers’ info.

The purchased accounts include details such as email address, password, meeting web address and host key, which is a six-digit pin assigned to a user hosting a Zoom meeting.

The host key allows a person to control a zoom meeting, including starting a live stream and ending it for all participants.

Cyble first discovered that the accounts were on sale for others to buy for malicious activities like "Zoom-bombing”, which allows an uninvited guest to hack into a Zoom meeting, on April 1. Some of the accounts were offered for free.

The firm explained that the Zoom accounts were likely obtained by using user details leaked from other data breaches, also known as "credential stuffing attacks".

Successful logins were then compiled into a list and offered to other hackers on the dark web.

This underscores the importance of using a unique password for each online site. Otherwise hackers could use details gleaned from one breached site to break into other accounts.

You can check if your details have been leaked online due to a data breach at Have I Been Pwned or Cyble's AmIBreached.
Article type: free
User access status:

Zoom , Video Conferencing , Dark Web

   

Did you find this article insightful?

Yes
No

88% readers found this article insightful

Across the site