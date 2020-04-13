It seems like an eternity has passed since Zoom starred in headlines for adding millions of users in less than a month. But only two weeks ago: afterwards we learned about the lack of encryption, about the transfer of data to China, about the theft of credentials and the ‘meeting’ of videoconferences to broadcast porn videos.

And now we add something else to the list: according to information released by cybersecurity intelligence firm Cyble, and echoed by BleepingComputer, there are cybercriminals in the Dark Web forums selling (and even giving away) Zoom credentials. Specifically, more than half a million accounts.

Zoom grows dwarfs … now on the Dark Web

Accounts are selling for less than a penny in some cases (Cyble employees were able to purchase a ‘pack’ of 530,000 for less than $ 0.002 each), and some crackers get to give them away simply to gain reputation Within their community, while others are selling filtered lists, in which they separate usable accounts and those whose credentials have already been changed by users.

These credentials (that is, the combination of email and password, but also the personal meeting URL and your HostKey) are being sold for the purpose of practicing ‘zoombombing’ (the fashion to ‘hijack’ these video conferences to broadcast pornographic videos), but without ruling out other kinds of malicious purposes.

From Cyble they claim to have contacted several random emails included in the data they bought, and to have verified that they actually correspond to Zoom users, although in some cases they have clarified that the included password was already old, which suggests that data has also been collected from old leaks to ‘fill in’.

Cyble has explained that many of these accounts were linked to large companies (such as Chase or Citibank) and to educational institutions (such as the University of Vermont, the University of Colorado, Dartmouth, Lafayette, Florida, etc.).

If you are a Zoom user, the best thing you can do is to heal yourself in health and change your password as soon as possible… and those of all those accounts in which you came using the same password.

If you want to make sure if your account is among those affected, you can resort to the services included in some password managers or to websites such as Have I Been Pwned, which lists all the data leaks suffered by accounts linked to the entered email.

Image | Marco Verch

Share



There are over half a million Zoom user accounts for sale to the Dark Web, according to a cybersecurity firm.