The video conferencing app zoom has been the epicenter of significant security issues for the past few weeks, with cybersecurity experts revealing vulnerabilities within the app every other day.
E
alier today we got information that close to 500,000 Zoom accounts are being sold on the dark web, and on other hacking forum, reports byleep ComputerZoom security issue
In the current situation of the COVID-19 pandemic that has been rocking the world, leads to most organization to be closed to prevent the spread of the virus, and the employees are provided with options to work from home. So the RDP (Remote Desktop Program ) and the video communication platforms are in high demand.
$0.0020 per Zoom account.
Cybersecurity intelligence firm Cyble discovered that zoom accounts have been popping up on hacker forums on the dark web, for less than a penny each per account while some of them have been giving away in bulk for free.
Cyble were able to purchase 530,000 Zoom credentials for $0.0020 per account, which included details like email addresses, passwords, personal meeting URLs, and Zoom host keys (a six-digit pin tied to the owner’s account).
Several accounts for sale belonged to institutions or companies, including Citibank, Chase, and more as well as universities and colleges like the University of Vermont, Dartmouth, Lafayette, University of Florida, University of Colorado, and others.
this information can be used for Zoom bombing and other malicious actives.
you may like: LimeRat malware via Password Protected Excel Spreadsheet’s
This type of attack, the hacker’s uses are call Stuffing Attack, in which hackers use compromised user’s credentials of breaches to try and get authentication on other websites or applications, in which these new authentications will be sold on different hacker forums.
Along with Zoom credentials, the database also includes data of “personal accounts, and many corporate accounts were belonging to banks, consultancy companies, educational facilities, healthcare providers, and software vendors, amongst others.”
Zoom is yet to inform users impacted by the data breach. In the meantime, we recommend users change their Zoom login password, especially if you’re using a password that has also been used on other websites. Have I Been Pwned is a reputable website that tells you whether your email address was ever breached.