Recent reports say that over 500,000 Zoom accounts are now being sold for less than a penny each on the dark web and hacker forums; many are being given out for free. The credentials are gathered through credential stuffing attacks, in which malicious actors attempt to log into Zoom using accounts that were leaked in old data breaches. These were then compiled into lists that were sold to various hackers.
Over 500,000 accounts on Zoom are being sold on hacker forums and the dark web
Some of these accounts are now being offered on hacker forums so that hackers can use them in "Zoom bombing" calls and to perform malicious activities and pranks all over social media; other accounts are being sold for a very low price.
Cyble, a cybersecurity firm, told BleepingComputer that on April 1 hackers began to share Zoom accounts by posting them on hacker forums to increase their reputation in the hacker community. These accounts were then shared through sharing sites, where the hackers posted lists of email addresses and password combinations.
Some 290 accounts connected to academic institutions like the University of Dartmouth, University of Colorado, University of Lafayette, University of Florida and others have been given out for free. BleepingComputer contacted several random email addresses that were exposed, and the owners confirmed that some of the credentials and information are correct.
It was also uncovered that some of the accounts are old: one exposed user told BleepingComputer that the password listed is an old one, which indicates that some of these accounts most likely came from older credential stuffing attacks.
Bulk Zoom accounts were bought to warn users
After witnessing a seller post accounts on these hacker forums, cybersecurity firm Cyble automatically reached out to buy a large number of accounts in bulk so that it could use them to warn customers of the possibility of a breach. Cyble purchased at least 530,000 Zoom accounts for less than a penny each, at $0.0020 per credential. These accounts include the user's HostKey, personal meeting URL, email address and password.
Cyble told BleepingComputer that these Zoom accounts also include those of large companies in the educational sector, as well as the banking industry.
According to BleepingComputer, if you have a Zoom account, you need to change your password immediately.
"With these attacks utilizing accounts exposed in past data breaches and then being sold online, using a unique password at every site will prevent a data breach from one site affecting you at a different site. You can also check if your email address has been leaked in data breaches through the Have I Been Pwned and Cyble's AmIBreached data breach notification services," said BleepingComputer.
Both of these online services will list the data breaches that contain your email address and will confirm whether your credentials have been exposed.