Zoom security woes worsen: 500,000 Zoom accounts sold on dark web, says report
Hackers are selling users' email addresses, passwords, personal meeting URLs and host keys, including of companies like Citibank
Chennai: Hacked Zoom accounts are reportedly being sold on the dark web where hackers can buy details of users’ passwords and email addresses, making them vulnerable to phishing and identity theft.
Cybersecurity firm Cyble saw a spike in Zoom accounts being sold since April, a report by BleepingComputer said.
Over 500,000 Zoom account credentials were being sold to hackers, some of them genuine, Cyble was reported as saying. These were being used for Zoombombing by hackers—showing up on private meetings uninvited.
The credentials being sold were from earlier hacks, reports said. That is, if a Zoom account holder was using the same password as on his/her email or other apps, which might have been hacked before, hackers gained easy access to the person’s Zoom account using the same password.
The hackers then collected the Zoom account details and put them on sale online.
Cyble's experts were able to purchase 530,000 credentials such as email addresses, paswords, personal meeting URLs and host keys (a 6-digit pin number used to host Zoom meetings) for as little $0.002 per account. Some were even available free of cost.
Some of these account details were verified by Cyble, which confirmed they belonged some high-profile clients of theirs.
Chase and Citibank were among big companies whose Zoom credentials had been sold by hackers, the cybersecurity firm said.
Zoom had become the go-to videoconferencing web and mobile app as countries restricted movement of people to fight the coronavirus pandemic and most people began working from home and socialising online through video meetings.
As popular as it became, Zoom has also been facing major security issues. Apart from hackers Zoombombing meetings, the videoconferencing company was also criticised for routing calls through servers in China.
Although CEO Eric Yuan apologised for what he called a mistake, data privacy advocates warned that using Chinese servers and Chinese encryption keys made the Zoom meetings open to eavesdropping by the Chinese government.
Other problems Zoom faced included data from the app being sent to Facebook on Apple devices, which Zoom is said to fixed since.
Due to the hacks and data breaches, companies such as Google and Spacex banned its employees from using Zoom on their office laptops. Even the Government of India sent out an advisory asking government officials to shun third-party apps as they are unsecure.