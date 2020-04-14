The access credentials (email, password, etc.) corresponding to over 500 billion Zoom accounts They have been published on the dark web, according to Bleeping Computer.

The list of emails and passwords does not come from a security breach in Zoom, the video conferencing application that, due to the expansion of COVID-19, has boomed in popularity. Hackers, instead, took advantage of the inadvisable but common practice of repeating passwords on different online services, they started logging in to Zoom using leaked passwords for security breaches suffered by other services in the past and published those credentials that turned out to be correct.

These Zoom access credentials started appearing on the dark web around April 1, as explained by cybersecurity firm Cyble to Bleeping Computer. In some cases, the credentials are offered for free, while in others they are sold for less than a penny.

Bleeping Computer claims to have contacted some of the email addresses included in the listings published by the hackers. Many of Affected users confirmed that the published passwords were correct.

Filtered access credentials include accounts belonging to large companies like JP Morgan Chase, Citibank and even educational institutions like the University of Florida, the University of Colorado or the University of Vermont.

How to know if you have been affected

Reusing the same combination of email and password in different services is common but highly discouraged practice. If a service suffers from a security breach in which users’ passwords are compromised, hackers would not only obtain the information stored in said service, they could also access accounts created on other platforms, including banking services, emails and even photographs stored in the cloud.

To verify if an email address has been compromised in a security breach, the most effective option is to use tools like Have I Been Pwned or AmIBreached, which alert the user when any of their accounts may have been affected.

To facilitate the use of different passwords in all services, there are tools like 1Password, LastPass or iCloud Keychain that generate and store the different access credentials in a simple, secure and efficient way. Furthermore, on these platforms, access data is protected with multiple layers of security and encryption.

