Login Credentials for Over 500,000 Zoom Accounts on Sale Via the Dark WebThe seller likely obtained the Zoom login credentials by exploiting past data breaches, which contain email addresses alongside previously used passwords, according to security firm Cyble.
By狗万滚球app•
This story originally appeared onPCMag
You might want to place a strong password on yourZoomaccount. Otherwise, it could end up for sale on thedark web.
Security firm Cyble says thousands of breached Zoom accounts have been circulating in underground hacker forums since April 1. The companytoldBleepingComputer it purchased access to 530,000 Zoom login credentials for a mere $0.0020 per account.
In return, the seller gave Cyble access to account holders' email addresses, passwords, personal meeting URLs, and their host keys, which can be used to claim "host controls" for a Zoom meeting.
The seller likely obtained the Zoom login credentials by exploiting past data breaches, which contain email addresses alongside previously used passwords. With the aid of automated software tools, a hacker can plug in thousands of potential logins into an internet service to find out the right combinations to break into someone's user account.
Other services including Amazon, Netflix, and Disney+ are also regularlytargetedwith automated account hijacking attacks. So it's strongly recommended you use hard-to-guess, unique passwords on your online accounts. (To help you remember the logins, consider apassword manager.)
In Zoom's case, an account hijacking could be especially serious for people who use thevideo conferencing servicefor sensitive business meetings or government purposes. Accessing a Zoom account will also display all the meetings a person has scheduled on the service, with easy access to attend them. According to Cyble, the accounts it bought from the dark web seller appear to be connected to well-known companies such as Chase, Citibank, and educational institutions.
"The data was shared with us privately via an App (Telegram) with a Russian-speaking actor," Cyble CEO Beenu Arora told PCMag. "At this point, we have just tested some samples, and a good portion of the samples seem valid."
He expects hackers to continue to target Zoom, given its sudden popularity as a video conferencing option for government agencies, businesses, and consumers.
作为回应,变焦说努力打击on the hacking activities. "We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloadingmalwareor giving up their credentials," the company told PCMag. "We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts."
Tochange your password, you'll need to log into Zoom's website, and go to your account. Under the profile tab and at the section "Sign-In Password," you can edit your login credential. Unfortunately, Zoom doesn't appear to offertwo-factor authenticationfor free basic users.