Thousands of Zoom Login Credentials for Sale on the Dark Web



The account information of thousands of Zoom users reportedly is for sale on the dark web.

According to a BleepingComputer report, more than 500,000 Zoom accounts are being sold on the dark web and hacker forums for less than a penny each. And in some cases they’re given away for free.

Zoom already is in hot water for security and privacy issues.

Some of the Zoom accounts are offered for free on hacker forums for use in Zoom-bombing pranks and malicious activities, according to the report. The accounts are shared via text-sharing sites where threat actors are posting lists of credentials, it said.

In a statement to Channel Partners, Zoom said it’s common for web services that serve consumers to be targeted by this type of activity. It typically involves bad actors testing large numbers of already compromised credentials from other platforms to see if users have reused them elsewhere, it said.

“This kind of attack generally does not affect our large enterprise customers that use their own single sign-on systems,” it said. “We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials. We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure and are looking at implementing additional technology solutions to bolster our efforts.”


Logan Kipp is director of sales engineering at SiteLock. He said credential stuffing attacks pose a threat to anything with a login. If users reuse old and previously hacked passwords, hackers can easily infiltrate these systems.

“To be proactive about password reuse, apps can require additional authentication methods to better protect its users who are password repeaters, and leverage authentication solutions that check user-submitted passwords against databases of compromised credentials,” he said.

What’s most concerning about Zoom credentials for sale on the dark web is the domino effect, Kipp said. Many people use the same password, or similar variations of a password, for many or all of their online accounts.

“Because of that, it is very easy for malicious actors to take this information and gain access to other sites where more private information is available,” he said. “It is extremely important for users to implement unique passwords for every account they create online and enable multifactor authentication. While having so many unique passwords can seem cumbersome, using a secure password manager can help reduce the tedium.”

Businesses should be providing cybersecurity awareness training for remote workers, Kipp said. Key best practices include using two-factor authentication (2FA) and a VPN.

Cybercriminals historically have been attuned to the political climate and consumer trends, Kipp said. If there is a spike in particular online searches, products or software, adversaries often follow suit and target sites with those keywords, he said.

“This case is no different,” he said. “As the online population on video conferencing tools continues to remain at an all-time high, these bad actors will be doing whatever they can to take advantage. Until shelter in place orders are removed and offices open back up, video conferencing platforms are likely to remain prime targets for hackers.”


Mounir Hahad is head of Juniper Threat Labs at Juniper Networks. He said it’s “mind boggling that credentials reuse is so prevalent that hackers are talking about credentials dump without a breach having occurred.”

“It is critical that platform vendors always offer 2FA and that the general public adopts the use of password managers more broadly to avoid using weak or recycled passwords,” he said. “This particular threat would be a non-event had people not used the same passwords elsewhere.”

The real danger from a Zoom account password leak is gaining access to all previously recorded meetings, Hahad said.
