Since the outbreak of COVID-19 there have been many winners and losers, and one company that falls into both baskets is Zoom. They saw enormous growth in their userbase quickly, but also hit the news for the wrong reasons. Everything from Zoombombing – as harmless as that may be – through to account security being compromised.

It’s the latter that has caused the latest and potentially largest impact to users. Cyber security firm Cyble has discovered a significant number of free accounts are being sold online for as little as US$0.002 each. They told Bleeping Computer that they were able to purchase a lot of data:

After seeing a seller posting accounts on a hacker forum, Cyble reached out to purchase a large number of accounts in bulk so that they could be used to warn their customers of the potential breach.

Cyble was able to purchase approximately 530,000 Zoom credentials for less than a penny each at $0.0020 per account.

The purchased accounts include a victim’s email address, password, personal meeting URL, and their HostKey.

This is a big deal, not just for the account holders but also for the people associated with them and their meetings online. The compromised accounts now pose a risk to companies if the email addresses involved are business addresses whose passwords have been reused elsewhere. If you think your account may be at risk, change your password now.

A Zoom spokesperson supplied Ausdroid with the following statement on the matter:

It is common for web services that serve consumers to be targeted by this type of activity, which typically involves bad actors testing large numbers of already compromised credentials from other platforms to see if users have reused them elsewhere. This kind of attack generally does not affect our large enterprise customers that use their own single sign-on systems. We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials. We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts.
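The activity the statement describes, testing large numbers of credentials leaked from other services against a second site, is usually called credential stuffing, and it has a recognisable shape in authentication logs: one source trying many different accounts in a short window, with most attempts failing. The following detector is an added example written for this article; it is not Zoom's code or Cyble's, and the log format and sample lines are constructed for illustration. It reports which sources fit that pattern and which accounts they managed to log into, which is the list a defender would lock and force a password reset on, as the statement says Zoom is doing.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample authentication log (not real data). Format assumed here:
# <ISO-8601 timestamp> <source IP> <account> <OK|FAIL>
SAMPLE_LOG = """\
2020-04-14T10:00:01Z 203.0.113.7 alice@example.com FAIL
2020-04-14T10:00:02Z 203.0.113.7 bob@example.com FAIL
2020-04-14T10:00:02Z 203.0.113.7 carol@example.com OK
2020-04-14T10:00:03Z 203.0.113.7 dave@example.com FAIL
2020-04-14T10:00:04Z 203.0.113.7 erin@example.com FAIL
2020-04-14T10:00:05Z 203.0.113.7 frank@example.com FAIL
2020-04-14T10:00:09Z 198.51.100.4 alice@example.com FAIL
2020-04-14T10:00:15Z 198.51.100.4 alice@example.com FAIL
2020-04-14T10:00:21Z 198.51.100.4 alice@example.com OK
2020-04-14T10:01:00Z 192.0.2.9 grace@example.com OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")


def parse_log(text):
    """Parse the constructed log format into (time, ip, account, outcome) tuples,
    skipping any line that does not match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, ip, account, outcome = m.groups()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, outcome))
    return events


def detect_credential_stuffing(events, window_seconds=60, min_accounts=5,
                               max_success_ratio=0.5):
    """Flag source IPs that try at least `min_accounts` distinct accounts within
    `window_seconds` with a success ratio at or below `max_success_ratio`.

    Credential stuffing looks like one source, many accounts, mostly failures
    (the leaked password only works where the user reused it). A user who has
    forgotten their password looks like one source, one account, and is not flagged.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort()  # order by timestamp
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits within window_seconds.
            while (evs[end][0] - evs[start][0]).total_seconds() > window_seconds:
                start += 1
            window = evs[start:end + 1]
            accounts = {e[2] for e in window}
            if len(accounts) < min_accounts:
                continue
            successes = [e[2] for e in window if e[3] == "OK"]
            if len(successes) / len(window) <= max_success_ratio:
                # Keep the largest qualifying window seen for this source.
                alerts[ip] = {
                    "accounts": len(accounts),
                    "attempts": len(window),
                    "successes": len(successes),
                    # Accounts the attacker actually got into: lock and reset these.
                    "hit_accounts": sorted(set(successes)),
                }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

In the sample, 203.0.113.7 tries six different accounts in five seconds and succeeds once, so it is flagged and carol@example.com is listed as the account to reset; 198.51.100.4 repeatedly fails on a single account and is left alone. The thresholds are assumptions to tune against real traffic, and a production version would also key on attributes such as the ASN or user agent, since stuffing tools commonly spread attempts across many source addresses.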

For users who spend a lot of time online and have many accounts, it is important to protect yourself, and good password practice is the way to do it: use a unique password for every site, make each one long and complex, and use a password manager so you do not have to remember them.

Finally, another great resource is to register your email address with a site like Have I Been Pwned?. They will email you every time your address turns up in a data breach, giving you the opportunity to change your password quickly.

4 Comments
Andrew

A lot of other accounts have been “compromised” from many other platforms. Zoom itself was not hacked. What happened here was people used common passwords between their different service logins with other websites, etc. Perhaps a quick look at some security forums might be fruitful.
Instead, what should be publicised by the media is for people:
1. Not to use simple passwords
2. Do not use the same passwords on other websites, etc. Keep each password unique.

M0381U5

“Compromoised”?
LoL, ok Kim

oppo

Why didn’t Google promote Hangouts when people are really using video conferencing?

Deej

Hangouts has also been actively ruled out by a lot of companies due to the non-encrypted approach to the data architecture. Having said that, one cannot see the same potential for data breaches of this proportion happening with Google, especially if 2FA has been turned on.