Over 500,000 Zoom Accounts For Sale on the Dark Web

As demand for video conferencing platforms rises amid the COVID-19 pandemic, threat actors are taking advantage of the situation to steal data from more people who use this type of service. Earlier this month, cybersecurity intelligence firm Cyble discovered more than 500,000 Zoom accounts being sold on the dark web.

In a report from Bleeping Computer, which the cybersecurity firm reached out to, these stolen Zoom accounts are being sold for less than a penny each, with some even being given away for free.

The credentials, which include email address and password combinations, were said to have been collected via “credential stuffing attacks,” in which cybercriminals unlock accounts using leaked information from older data breaches.

According to the report, some of the exposed accounts even belong to educational institutions, including the University of Vermont, University of Colorado, Dartmouth, Lafayette, and the University of Florida.

In an effort to confirm the validity of the leaked credentials, Bleeping Computer said it tried reaching out to random email addresses exposed in the hacker forums.

“One exposed user told BleepingComputer that the listed password was an old one, which indicates that some of these credentials are likely from older credential stuffing attacks,” the online news outlet revealed.

After discovering the underground activity, Cyble purchased about 530,000 of the leaked Zoom accounts at $0.0020 each. The details provided include the users’ email addresses, passwords, personal meeting URLs, and HostKeys.

“It is common for web services that serve consumers to be targeted by this type of activity, which typically involves bad actors testing large numbers of already compromised credentials from other platforms to see if users have reused them elsewhere. This kind of attack generally does not affect our large enterprise customers that use their own single sign-on systems,” Zoom commented about the incident.

“We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials. We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts,” it added.

To date, both Bleeping Computer and Cyble are advising the public to avoid reusing passwords across different sites and instead register with a unique password for each.

Users who are worried about the security of their accounts were also encouraged to check the Have I Been Pwned and Cyble's AmIBreached sites for data breach updates.