Over 500,000 Accounts on Zoom Are Being Sold on Hacker Forums and the Dark Web
Recent reports have said that over 500,000 Zoom accounts are
now being sold for less than a penny each on the dark web and hacker forums;
many are being given out for free. These data are being gathered through
stuffing attacks where malevolent actors attempt to log into Zoom using
accounts that were leaked in old data breaches. These were then compiled into
lists that were sold to various hackers.
Some of these accounts are now being offered on hacker
forums so that they can use them in "zoom bombing" calls, and to
perform malicious activities and pranks all over social media; other accounts
are being sold for a very low price.
Cyble, a cybersecurity firm, told BleepingComputer that on
April 1 that hackers began to share Zoom accounts by posting on hacker forums to
increase their reputation in the hacker community. These accounts were then
shared through sharing sites as they posted lists of password combinations and
email addresses.
Some 290 accounts connected academic institutions like the
University of Dartmouth, University of
Colorado, University of Lafayette, University of Florida and others have been
given out for free. BleepingComputer contacted several random email addresses
that were exposed and they confirmed that some of the credentials and
information are correct.
It was also uncovered that some of the accounts are old
since one exposed user told BleepingComputer that the password listed is an old
one--which indicates that some of these accounts were most likely from older
credentials stuffing attacks.
After witnessing a seller post accounts on these hacker
forums, cybersecurity firm Cyble automatically reached out to buy a massive
amount of accounts in bulk so that they could use these to warn customers of
the possibility of a breach. Cyble purchased at least 530,000 Zoom accounts for
less than a penny each at $0.0020 per credential. These accounts consist of the
user's HostKey, personal meeting URL, email address and password.
Cyble told BleepingComputer that these Zoom accounts also
include those of large companies in the educational sector, as well as the
banking industry.
According to BleepingComputer, if you have a Zoom account,
you need to change your password immediately.
"With these attacks utilizing accounts exposed in past
data breaches and then being sold online, using a unique password at every site
will prevent a data breach from one site affecting you at a different site. You
can also check if your email address has been leaked in data breaches through
the Have I Been Pwned and Cyble's AmIBreached data breach notification
services," said BleepingComputer.
Both of these online services will basically list data
beaches that contain your email address and will confirm if your credentials
have been exposed or not.
Comments
Post a Comment