US cybersecurity firm Cyble was the first to spot the mass sale of Zoom credentials by hackers on their forums earlier this month. Cyble clients owned many of the compromised Zoom accounts. There are currently over 500,000 Zoom accounts being sold, and while most of them stem from earlier leaks, some of them are genuine.
Cyble was able to purchase 530,000 accounts in bulk at just 2 cents per account. Some are being given away for free. The sold accounts contain the email, password, the meeting URL and a key number or PIN that allows Zoom users to host the meeting.
The most likely way that these hackers gather such credentials is through “credential stuffing”: attempting to log in to various websites and accounts using information gathered from other data breaches. The compromised Zoom accounts are on offer mainly for zoombombing, that is, playing pranks on ongoing Zoom conferences by playing porn clips or sending threatening messages.
Thousands of Zoom accounts are for sale
The National Security Agency (NSA) warned of credential stuffing attacks in 2018. These attacks work when users use the same password for multiple accounts: when a data breach occurs, hackers try the leaked credentials against other accounts that use the same password.
“If your username and password is compromised from Company A—who suffered a data breach—and you use that same username and password to login to your social media account, then that account could also be in jeopardy,” the NSA’s statement read.
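The pattern the NSA describes leaves a recognisable trace in login logs: one source trying many different accounts a few times each, mostly failing. The following is an added example, not code from Cyble, Zoom or the NSA; the log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed login events: 'timestamp source_ip username result'."""
    lines = []
    for i in range(8):   # one source, 8 different accounts, one password each
        result = "OK" if i == 3 else "FAIL"   # one reused password works
        lines.append(f"2020-04-13T10:00:{i:02d}Z 203.0.113.7 user{i}@example.com {result}")
    for i in range(6):   # one source guessing many passwords for one account
        lines.append(f"2020-04-13T10:05:{i:02d}Z 198.51.100.9 admin@example.com FAIL")
    lines.append("2020-04-13T10:09:00Z 192.0.2.44 carol@example.com FAIL")  # typo
    lines.append("2020-04-13T10:09:20Z 192.0.2.44 carol@example.com OK")
    return "\n".join(lines)

def parse(log):
    """Yield (source_ip, username, succeeded), skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield parts[1], parts[2], parts[3] == "OK"

def classify_sources(log, min_count=5, min_fail_ratio=0.8):
    """Label each source IP. Thresholds are illustrative assumptions."""
    per_user = defaultdict(lambda: defaultdict(int))
    failures = defaultdict(int)
    for ip, user, ok in parse(log):
        per_user[ip][user] += 1
        failures[ip] += 0 if ok else 1
    labels = {}
    for ip, users in per_user.items():
        total = sum(users.values())
        mostly_failing = failures[ip] / total >= min_fail_ratio
        if mostly_failing and len(users) >= min_count and total / len(users) <= 2:
            labels[ip] = "credential_stuffing"   # many accounts, few tries each
        elif mostly_failing and max(users.values()) >= min_count:
            labels[ip] = "brute_force"           # many tries against one account
        else:
            labels[ip] = "normal"
    return labels

def accounts_to_lock(log, labels):
    """Accounts a stuffing source logged in to: the reused password worked."""
    return sorted({user for ip, user, ok in parse(log)
                   if ok and labels[ip] == "credential_stuffing"})

if __name__ == "__main__":
    log = build_sample_log()
    labels = classify_sources(log)
    print(labels)
    print(accounts_to_lock(log, labels))
```

The successful logins from a flagged source are the accounts to lock and force a password change on, since those are the ones where a reused password matched.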
All cybercrime experts advise internet users to change their login details across all online platforms if a breach is detected. Zoom is a popular group chat app and has various options on offer for video conferencing. Its free offer allows one to have group chats of up to 40 minutes. Its paid option allows up to 1000 people on a video conference.
Its popularity among people working from home has gone up, with people forced into lockdown for an extended period due to the coronavirus pandemic.
A Zoom spokesperson sent Mashable the following statement: “It is common for web services that serve consumers to be targeted by this type of activity, which typically involves bad actors testing large numbers of already compromised credentials from other platforms to see if users have reused them elsewhere. This kind of attack generally does not affect our large enterprise customers that use their own single sign-on systems. We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials. We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts.”
Zoom Accounts are for Sale On Dark Web
This is not the first time that Zoom accounts have been hacked. BleepingComputer had earlier reported on vulnerabilities in the app. There are reports that it doesn’t have end-to-end encryption and that its video calls can be hacked. Another report by Mashable revealed that it allowed hackers to steal Windows login credentials. This is possible because Zoom’s chat converts Windows networking UNC (Universal Naming Convention) paths into clickable links. If a user clicks on such a link, Windows will leak the user’s Windows login name and password. Although the password is hashed, it is easy for hackers to retrieve using password recovery tools.
This led to Zoom halting any further feature development in order to fix the leaks.