Researchers found and bought more than 500,000 Zoom passwords on the dark web for less than a cent each
Researchers at cybersecurity firm Cyble found upwards of 500,000 Zoom accounts up for grabs on hacker forums and the dark web, Bleeping Computer reports. Cyble was able to purchase 530,000 accounts for $0.0020 each, and some were being given away for free to enable "Zoombombing" attacks. This doesn't mean Zoom got hacked — the accounts were obtained using "credential stuffing", where hackers use passwords and emails leaked in previous data breaches. If you use the same email and password across lots of different accounts, including your Zoom account, you should try and change to a unique password.
Cybersecurity researchers found the credentials for more than 500,000 Zoom accounts either for sale or even being given away for free on the dark web, as reported by Bleeping Computer.
Cybersecurity firm Cyble discovered the accounts, many of which were being sold for less than a penny per account. Some were being given away in bulk for free on hacker forums so that people could use them for "Zoombombing" — a form of trolling where malicious actors drop into Zoom calls and post graphic or offensive content.
Recent reports of Zoombombing have included trolls targeting anti-Semitic abuse at a virtual synagogue, screaming racist slurs in a meeting for women of color, and trolls dropping into virtual Alcoholics Anonymous meetings to taunt their members.
Cyble was able to purchase roughly 530,000 accounts for $0.0020 each, thereby obtaining their email address, password, personal meeting URL, and host key (the 6-digit pin number Zoom meeting hosts can use). Many of the accounts for sale belonged to companies or institutions including Chase, Citibank, and numerous universities.
The firm told Bleeping Computer that it had started to see accounts pop up for sale since April 1, with the posters seeking to boost their reputation among hacker communities.
This doesn't mean Zoom got hacked. Although the videocall service has been beset with privacy issues since the onset of the coronavirus drove millions more people to its service, the accounts for sale on the dark web were obtained using "credential stuffing" attacks. This means hackers used password-email combinations obtained through previous hacks and tried their luck on people's Zoom accounts, meaning people who re-use previously-hacked passwords would be vulnerable.
Effective ways to negate credential stuffing include using unique passwords for every site you visit online, and checking whether your email address has been leaked in previous data breaches using Have I Been Pwned.