Over 500,000 Zoom accounts are currently being sold on the dark web for less than a penny.
According to reports, that hacks are done via login attempts using accounts leaked in old data breaches. The gathering of the leaked data is known as ‘credential stuffing’. Upon being successful, the data is sold across the web to hackers. The credentials include a Zoom user’s email address, password, personal meeting URL, and their host key — a six-digit pin tied to the owner’s Zoom account
Cyble, a global cybersecurity firm, told BleepingComputer they saw number of Zoom accounts were up for sale from April 1st, 2020. The sale of the accounts were linked to increased population among the hacker community.
BleepingComputer contacted the email addresses linked to the hacks, and they confirmed the login details were correct. Cyble revealed that some of the accounts are connected with large companies, including Chase and Citibank, and educational institutions.
Keep Your Account Safe
Everyone is susceptible to credential stuffing attacks, and there are simple ways to prevent yourself from falling victim to it. For the accounts you have with other websites, make sure to keep all passwords linked to the same email addresses different.
For further diagnosis, you can also check if your details has been breached by using Cyble’s AmIBreached data breach notification services.