Credentials for at least half-a-million Zoom accounts have been sold across the dark web and hacker forums. They are being sold at minimal cost, and sometimes even being given away for free (via BleepingComputer).
Credential Stuffing Attack Exposes Account Details
The credentials are acquired via credential stuffing attacks – the hackers try to login to Zoom by using data from previous breaches. Credentials that result in successful logins are sold for negligible amounts or given away for free. (Cybersecurity firm Cyble purchased around 530,000 credentials at $0.0020 an account.) Hackers are then able to ‘Zoombomb’ victims or conduct other attacks and pranks. Some of the credentials were associated with educational institutions or major banks.
More Bad News for Zoom?
This all sounds like more bad news for Zoom. And, ultimately, it is. However, there are a couple of things to note. Firstly, it is likely that hackers acquired some of the credentials now being sold during previous credential stuffing attacks. Secondly, these kinds of attacks are not specific to Zoom. It does underline two things though:
- Use a strong password, preferably by using a third-party password manager or Apple’s keychain feature, and change it regularly.
- Take precautions to keep safe when you’re using Zoom. One simple, but by no means comprehensive, step is to lock the room when your meeting has begun.