The teleconferencing application Zoom has recently been under fire as they confront a handful of security issues while their app continues to rise in popularity from employees working from home during the Coronavirus pandemic. While issues of unauthorized information sharing surfaced in the previous week, the platform is facing another big problem thanks to the dark web.
352 Zoom account passwords are now being shared online
Sixgill, a cybersecurity firm, has as unearthed a collection of 352 Zoom accounts that have been jeopardized. These accounts have been compromised and are being shared in the dark web by a user, which includes all of the passwords, personal information, and other important user data.
The stolen information has been filtered by the type of Zoom accounts, including premium users that have been paying expensive service plans.
According to Mashable, Dov Lerner, a security research lead in the firm has said that "in comments on this post, several actors thanked him for the post, and one revealed intentions to troll the meetings.
The accounts could certainly be used to troll the owner of the account or those who are joining the owner's calls, but these credentials could also be used for corporate or personal eavesdropping, identity theft, and other nefarious actions and there's a number of ways a malicious actor could use these stolen accounts."
Some of the accounts belong to very important people
The whole situation is very disconcerting when looking at who the owners of these accounts are. Though researchers have identified that most of the accounts are personal, some of them belong to small businesses and educational institutions. Some are also from major US health care providers.
The Dark Web encompasses forums, websites, plus other online destinations that require a very special web browser called Tor for people to access. One cannot just type the sites on Google as they are invisible to search engines. Many illicit goods such as drugs and weapons, as well as illegal services are usually illegally traded or sold on the Dark Web. And it isn't recommended for anyone without knowledge in cybersecurity to attempt to browse through it.
Security experts have now noted how the app can be used by various employers to spy on their employees at home. It was also discovered that Zoom was sharing user information to Facebook and LinkedIn.
In the last few weeks, Zoom's reputation has been in constant question from the public as well as private institutions and government bodies on the issue of privacy. CEO Eric Yuan already apologized to the users for the stress that was caused by the issues and said that they will now be focusing more on fixing all these security and privacy bugs in the next 90 days.
Though one thing should be Zoom's priority and that is to figure out how this malicious actor got their hands on all of these 352 accounts.