The controversial videoconferencing application Zoom, whose popularity surged because of the coronavirus and which then found itself at the center of controversy over security flaws in its application, is back in the news: half a million user accounts are being sold on the dark side of the internet. Indeed, 500,000 accounts have been hacked and attackers are trying to sell them online.

But this time the fault lies not with Zoom but with its own users, who reportedly used the same password for Zoom as for other web services. For this reason, someone only needed an algorithm that took databases of stolen email addresses and their passwords circulating on the Internet and tried them against Zoom, finding at least 530,000 accounts.

That is to say, the leaks are old and come from other websites that were hacked in the past, but many of the accounts still work. This shows how people use the same email and password for all their profiles on the Internet, so that anyone who learns that password can access all of their services. Therefore, if you have a Zoom account, or if you use the same password on various web services, we strongly recommend that you change it as quickly as possible.

More than half a million accounts are compromised: change your password

According to Bleeping Computer, this list of accounts and passwords, which also includes other information such as the personal meeting link and host key of each of the 530,000 accounts, was purchased by security firm Cyble for just $1,000 (in order to notify users that they had been hacked), which works out to a unit price of $0.002 per account. In other words, with a penny, we could buy the credentials to access five Zoom accounts.

But there is more: the same company claims that since April 1 these accounts can be found on dark web forums completely free of charge. After all, they are account credentials that have been in circulation for many months. Bleeping Computer contacted some of those accounts at random, and while some people stated that those passwords had been previously, many others are still active.

Zoom itself has acknowledged that this is true (despite the fact that, as we indicated, it is not responsible for it) and has stated that it has already hired a security company to help find which accounts are affected, so that these users are forced to change their passwords.

“It is common for web services that provide services to users to be subjected to this type of attack that normally involves malicious people testing a large number of compromised accounts from other platforms to see if users have used them again. This type of attack does not affect all our users […] we are blocking accounts that have been compromised, asking users to change their passwords for something more secure and we are looking to implement additional technology to reinforce our work,” Zoom explained to Bleeping Computer in a statement.
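On the service side, the pattern described above (one source testing a large number of accounts, with only a few logins succeeding) can be picked out of authentication logs. The following is an added example, not code from Zoom, Cyble or Bleeping Computer; the event format, thresholds and sample data are assumptions constructed for illustration. It flags such sources and returns the accounts they got into, which are the ones to block and force through a password change.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _build_sample():
    """Constructed events: (timestamp, source IP, account, login succeeded)."""
    t0 = datetime(2020, 4, 1, 12, 0, 0)
    events = []
    # One source walking a leaked list: 40 different accounts in 40 seconds, 2 hits.
    for i in range(40):
        events.append((t0 + timedelta(seconds=i), "203.0.113.7",
                       f"user{i}@example.com", i in (11, 29)))
    # An ordinary user mistyping their own password twice, then succeeding.
    for i, ok in enumerate((False, False, True)):
        events.append((t0 + timedelta(seconds=10 * i), "198.51.100.20",
                       "alice@example.com", ok))
    return sorted(events)

SAMPLE_EVENTS = _build_sample()

def detect_stuffing(events, window=timedelta(minutes=5),
                    min_accounts=20, max_success_rate=0.2):
    """Flag sources that try many distinct accounts inside one sliding window
    while succeeding rarely. Thresholds are illustrative assumptions.
    Returns {source_ip: sorted accounts that source logged in to}."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Shrink the window until it spans at most `window` of time.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            chunk = evs[start:end + 1]
            accounts = {e[2] for e in chunk}
            successes = [e[2] for e in chunk if e[3]]
            if (len(accounts) >= min_accounts
                    and len(successes) / len(chunk) <= max_success_rate):
                # Every success from a flagged source is a reused password.
                flagged.setdefault(ip, set()).update(successes)
    return {ip: sorted(accts) for ip, accts in flagged.items()}

if __name__ == "__main__":
    for ip, accounts in detect_stuffing(SAMPLE_EVENTS).items():
        print(f"{ip}: force password reset for {accounts}")
```

Attempts spread across many source addresses will not trip a per-IP rule like this one, so the same counting is usually repeated on other keys such as client fingerprint or network range.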

