Hacked Zoom accounts have Swipebecome merchandise that's sold en masse on the dark web and through hacker forums, new report claims.
According to BleepingComputer, which spoke to cybersecurity company Cyble, there are currently over 500,000 Zoom account credentials being sold, and while most of them seem to stem from earlier, unrelated hacks, some of them are genuine.
Cyble's experts noticed the influx of Zoom accounts for sale on April 1, and were able to purchase 530,000 of them at a bulk price of $0.002 per account. Some accounts, the report claims, are even being shared for free.
These credentials include a Zoom user's email address, password, personal meeting URL, and their host key — a six-digit pin tied to the owner's Zoom account, which is used to claim host controls for a meeting. And some of these account details belong to high-profile companies including Chase and Citybank, according to Cyble, which checked the veracity of the accounts belonging to some of their clients and confirmed they were valid.
Even though Zoom has had its share of security and privacy blunders, recently prompting the company to halt features development for 90 days in order to fix them, these account credentials do not appear to be a result of a Zoom hack. More likely, they've been gathered by a technique called credentials stuffing, in which hackers use older databases of stolen user account credentials and test them against Zoom accounts.
SEE ALSO: Man creates hilarious AI version of himself to take his spot during Zoom callsThis isn't the first time we've seen Zoom accounts circulated on the dark web, but previous reports saw a much smaller number of accounts being sold. Now that the numbers are in the hundreds of thousands, this is becoming a serious threat to Zoom users. These accounts can be used for simple trolling via bursting into someone's Zoom meeting unannounced, but also for eavesdropping and identity theft.
The practice of crashing someone's Zoom meeting has become so commonplace that it now has a name — Zoombombing — and while Zoom did address the issue in a recent update, this doesn't help if a hacker has your Zoom account credentials.
As always, the best protection from these types of attacks is never to re-use old passwords. That's where password management tools such as LastPass and Dashlane come in handy, as they allow you to store a large number of different account credentials and protect them all with one master password.
UPDATE: April 14, 2020, 9:20 p.m. CEST A Zoom spokesperson sent Mashable the following statement: "It is common for web services that serve consumers to be targeted by this type of activity, which typically involves bad actors testing large numbers of already compromised credentials from other platforms to see if users have reused them elsewhere. This kind of attack generally does not affect our large enterprise customers that use their own single sign-on systems. We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials. We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts.”
Topics Cybersecurity
Best speaker deal: Save $30 on the JBL Clip 5
The 'crying Northwestern kid' is all grown up now
2018 Whiting Awards: Tommy Pico, Poetry
Crossing Over
The Sound and the “Furious”
15+ Black Friday 2023 Chromebook deals at Best Buy
4 best small businesses to shop from this month
All the best mattress deals for Black Friday 2023
How to Squeeze the Most Out of Your iPhone's Battery
Moon phase and astrology compatibility explained
The best day to book your flight, according to Google
Memoirs of an Ass: Part 2
Poetry Rx: Queer Addiction and “America First” Jingoism
100+ Black Friday laptop deals 2023: Apple, Dell, more
This fat bear's before and after photos are stunning
Phoning Home
Incarnadine, the Bloody Red of Fashionable Cosmetics and Shakespearean Poetics
Young men are stressed out about sex, report finds
Best Max streaming deal: Save 20% on annual subscriptions
100+ Black Friday laptop deals 2023: Apple, Dell, more
Facebook blocked emergency wildfire information as 'spam'Facebook blocked emergency wildfire information as 'spam'Disney+ deal: How to get the best deal on Disney PlusSex toy deals to shop right now [September 13, 2024]Broncos vs. Steelers 2024 livestream: How to watch NFL for freeNew York Liberty vs. Dallas Wings 2024 livestream: Watch WNBA for freeBumble AI photo picker tool in the worksWhere to preWebb telescope peers into our galaxy's outskirts, sees stunning sceneWhy is Gen Z traumaAmazon deal of the day: $120 off the Apple iPad Mini'Beetlejuice lips' challenge filler norms on TikTokTaylor Swift's voter registration link saw over 337,000 visitorsNYT mini crossword answers for September 13Amazon deal of the day: $120 off the Apple iPad MiniMicrosoft outage: Users report 365 issues againSeattle Storm vs. Dallas Wings 2024 livestream: Watch live WNBASnag an Amazon Echo on sale before Prime DayScientists are collecting pee from SpaceX travelers. There's a good reason.Spurs vs. Arsenal 2024 livestream: Watch Premier League for free Start saving now Teen runs a half Some dude wearing an Australian flag jumped onstage at Eurovision and mooned everyone Dramatic Venice sculpture comes with a big climate change warning Exhaustive report on the alt Dear Star Wars fans naming your sons Kylo: Why? Lance Armstrong posts video of Lance Armstrong to prove Lance Armstrong isn't dead Delta sign error hints that the coming tech ban on planes will cover nearly everything Virtual reality patients are teaching med students how to break bad news Delta will let you drop bags at airports by just scanning your face Groom thanks Tesla Model X for keeping him safe after crash Heroic delivery man brings pizza to 'hangry' stranded train passengers 9 of the best British films you've never seen Pepsi messes up again with the promise of a cinnamon One Direction broke the boy band mold. Now they're dividing and conquering. Snapchat world lenses A place for pro athletes to share the selves that fans never see Harry Styles slays with his surprise cover of Kanye's 'Ultralight Beam' Here's what Jay Z's world will look like by the time his insane new deal is up Mobile Facebook navigation feature makes the app even easier to use