Zoom, the video-conferencing app that rose to prominence thanks to lockdowns imposed across the globe, has witnessed a lot of security breaches.
According to a report by Bleeping Computer, Cyble, a cybersecurity firm, purchased 530,000 accounts for $0.0020 each. By buying these accounts, Cyble obtained each user's email address, password, personal meeting URL and host key (the 6-digit PIN that Zoom meeting hosts can use).
Some of the accounts were even being given away on the dark web for free to enable Zoombombing attacks. Zoombombing is a form of trolling, where the perpetrator drops in on a call and posts graphic or offensive content.
Data from many of these accounts was obtained via credential stuffing attacks. Hackers use the leaked data to access various linked accounts.
They then log into accounts linked to the Zoom account, compile them and sell them to other buyers. The accounts included names of prominent banking and educational institutions: 290 accounts were linked to institutions such as the University of Vermont, Dartmouth, Lafayette, the University of Florida and the University of Colorado. The data also included account information of Chase and Citibank.
Account information of Zoom users was obtained using ‘credential stuffing’ attacks. This does not mean that Zoom was hacked. Rather, hackers took email-password combinations obtained through previous hacks and tried them on people’s Zoom accounts. This means users who reuse previously hacked passwords are vulnerable.
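From the defender's side, the pattern described above leaves a recognisable trace in login logs: one source tries many different accounts once or twice each, and only a small fraction succeed. The following is an added example, not code from the article or from Zoom. The event tuple format, the thresholds and the function name `analyze` are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, account, login_succeeded)
EVENTS = (
    [("203.0.113.7", f"user{i}@example.com", i == 3) for i in range(8)]
    + [("198.51.100.4", "alice@example.com", False)] * 12
    + [("192.0.2.10", "bob@example.com", False),
       ("192.0.2.10", "bob@example.com", True)]
)


def analyze(events, min_accounts=5, max_tries_per_account=2.0,
            max_hit_rate=0.2, guess_threshold=10):
    """Classify each source and list the accounts to lock and reset.

    Thresholds are illustrative assumptions, not tuned values.
    """
    tries = defaultdict(lambda: defaultdict(int))  # ip -> account -> attempts
    wins = defaultdict(set)                        # ip -> accounts logged into
    for ip, account, ok in events:
        tries[ip][account] += 1
        if ok:
            wins[ip].add(account)

    verdicts, to_lock = {}, set()
    for ip, accounts in tries.items():
        per_account = sum(accounts.values()) / len(accounts)
        hit_rate = len(wins[ip]) / len(accounts)
        # Stuffing: many accounts, one or two tries each, few valid pairs.
        if (len(accounts) >= min_accounts
                and per_account <= max_tries_per_account
                and hit_rate <= max_hit_rate):
            verdicts[ip] = "credential_stuffing"
            # A success here means a reused password worked: lock and reset.
            to_lock |= wins[ip]
        # Guessing: repeated failures against a single account.
        elif max(accounts.values()) >= guess_threshold and not wins[ip]:
            verdicts[ip] = "password_guessing"
        else:
            verdicts[ip] = "normal"
    return verdicts, sorted(to_lock)


if __name__ == "__main__":
    print(analyze(EVENTS))
```

Real campaigns rotate source addresses, so the same grouping is usually also applied per network, user agent or time window rather than per IP alone.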
According to a statement released by the company, it is common for web services that serve consumers to be targeted by this type of activity, and this kind of attack generally does not affect large enterprise customers that use their own single sign-on systems. The company also said that it has hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials.
“We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts,” the statement further added.