The Zoom video app has experienced a surge in popularity as around 20 per cent of the world’s population are currently in lockdown due to the coronavirus pandemic. At the time of writing Zoom is the number one free app on the Apple App Store while it is also in the Google Play selection of top apps.
Latest stats say that Zoom’s daily users have spiked from a previous maximum total of 10 million to more than 200 million in March – a staggering increase.
This rise in users has also seen Zoom get a much higher profile, which unfortunately has not gone unnoticed by hackers.
It has just been revealed that more than half a million Zoom accounts are being sold on the dark web and on hacker forums.
As reported in a post by Bleeping Computer, these accounts are being sold for less than a penny each and in some cases are being given away entirely for free.
These login details have been gathered via credential stuffing attacks.
This is when bad actors gather login details that have been leaked in previous breaches and then use this information to access Zoom.
The successful credentials are then compiled into a list and sold on to hackers.
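Seen from the login service's side, the pattern described above is one source trying many different accounts with very few successes. The sketch below is an added example, not part of the original article or anything from Zoom; the log format, thresholds, addresses and accounts are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def sample_log():
    """Constructed login log: 'timestamp source_ip account result' per line."""
    lines = []
    for i in range(8):   # one source walks through eight accounts, one password works
        result = "OK" if i == 5 else "FAIL"
        lines.append(f"2020-04-01T10:00:{i * 5:02d} 203.0.113.7 user{i}@example.com {result}")
    for i, result in enumerate(["FAIL", "FAIL", "OK"]):   # a user mistyping a password
        lines.append(f"2020-04-01T10:01:{i * 10:02d} 198.51.100.20 alice@example.com {result}")
    for i in range(6):   # shared office address, everyone logs in fine
        lines.append(f"2020-04-01T10:02:{i * 5:02d} 192.0.2.10 staff{i}@example.com OK")
    return "\n".join(lines)

def parse(log):
    for line in log.strip().splitlines():
        ts, ip, account, result = line.split()
        yield datetime.fromisoformat(ts), ip, account.lower(), result == "OK"

def find_stuffing(log, window=timedelta(minutes=5), min_accounts=5, max_hit_rate=0.3):
    """Map each suspicious source IP to the accounts it logged in to successfully."""
    by_ip = defaultdict(list)
    for ts, ip, account, ok in parse(log):
        by_ip[ip].append((ts, account, ok))
    report = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window` of time
            while events[end][0] - events[start][0] > window:
                start += 1
            tried = {a for _, a, _ in events[start:end + 1]}
            hits = {a for _, a, ok in events[start:end + 1] if ok}
            # Many distinct accounts and few working passwords: reused breach list
            if len(tried) >= min_accounts and len(hits) / len(tried) <= max_hit_rate:
                # Every account this source got into is a candidate for lock and reset
                report[ip] = sorted({a for _, a, ok in events if ok})
                break
    return report

if __name__ == "__main__":
    print(find_stuffing(sample_log()))
```

Counting distinct accounts rather than raw failures keeps a single user's repeated typos and a busy shared office address out of the report.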
Free Zoom accounts being posted on hacker forums were first spotted on April 1 by cybersecurity intelligence firm Cyble.
Threat actors have been posting lists of email addresses and the relevant passwords needed to access Zoom on text-sharing sites.
Bleeping Computer was able to confirm that some of the details leaked in one such list were accurate.
Cyble, meanwhile, was able to purchase a large number of Zoom accounts in bulk in order to warn customers of the breach.
They purchased approximately 530,000 credentials at $0.0020 per account.
Stolen details included the victims’ email address, password, personal meeting URL and their HostKey.
Cyble said accounts tied to big name companies like Citibank and Chase were among this huge bulk of stolen login details.
In a statement Zoom said they have enlisted the help of intelligence firms in their efforts to fight the password dump.
They said: “It is common for web services that serve consumers to be targeted by this type of activity, which typically involves bad actors testing large numbers of already compromised credentials from other platforms to see if users have reused them elsewhere.
“This kind of attack generally does not affect our large enterprise customers that use their own single sign-on systems.
“We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials.
“We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts.”