Researchers at the cybersecurity firm Cyble said they found the credentials for more than 500,000 Zoom accounts either for sale or for free on the dark web, Bleeping Computer reported on Monday.
Cyble said many of the accounts it found were being sold for less than a penny, while others were being given away on hacker forums so people could use them for “Zoombombing,” a form of trolling where malicious actors drop into Zoom calls and post graphic or offensive content.
Recent reports of Zoombombing have included trolls targeting anti-Semitic abuse at a virtual synagogue, screaming racist slurs in a meeting for women of color, and taunting people in virtual Alcoholics Anonymous meetings.
Cyble said it was able to purchase roughly 530,000 Zoom accounts for $0.0020 each, obtaining email addresses, passwords, personal meeting URLs, and host keys (the six-digit PIN a meeting host enters to claim host controls in a meeting). It said some of the accounts belonged to companies including Chase and Citibank, as well as educational institutions.
The firm told Bleeping Computer that it started to see accounts pop up for sale around April 1, with the posters seeking to boost their reputation among hacker communities.
This doesn’t mean Zoom got hacked. Though the videoconferencing service has been beset by privacy issues since the coronavirus pandemic drove millions more people to its service, the accounts for sale on the dark web were obtained through “credential stuffing” attacks, in which attackers take email-and-password pairs leaked in earlier breaches of other sites and replay them, at scale, against Zoom’s login page. Every pair that works is a user who reused the same password somewhere else, which is why password reuse, not a flaw in Zoom itself, is what made these accounts vulnerable.
You can protect yourself from credential-stuffing attacks by using a unique password for every account (a password manager makes this practical) and by checking whether your email address has appeared in known data breaches using Have I Been Pwned; if it has, change the password on every site where you used that password.
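From the service operator’s side, the attack described above has a recognisable shape in authentication logs: one source tries many different accounts, roughly once each, with a small but non-zero success rate, whereas a classic brute-force attack hammers one or a few accounts with many guesses. The script below is an added example, not code from the article, Cyble, Bleeping Computer or Zoom. It runs a minimal detector over a constructed, hypothetical log format (timestamp, source IP, account, outcome) and flags both the stuffing source and the accounts that should be force-reset because a login from that source succeeded.

```python
"""Minimal credential-stuffing detector over constructed auth log lines.

Added example: the log format, IPs and account names are hypothetical and
not from the article, Cyble, Bleeping Computer or Zoom.
"""
import re
from collections import defaultdict

# Constructed sample log (hypothetical format). 203.0.113.7 tries six distinct
# accounts once each and gets two hits (stuffing); 198.51.100.9 guesses one
# account six times (brute force); 192.0.2.44 is a user mistyping once.
SAMPLE_LOG = """\
2020-04-01T10:00:01Z ip=203.0.113.7 user=alice@example.com result=fail
2020-04-01T10:00:02Z ip=203.0.113.7 user=bob@example.com result=fail
2020-04-01T10:00:02Z ip=203.0.113.7 user=carol@example.com result=ok
2020-04-01T10:00:03Z ip=203.0.113.7 user=dave@example.com result=fail
2020-04-01T10:00:03Z ip=203.0.113.7 user=erin@example.com result=fail
2020-04-01T10:00:04Z ip=203.0.113.7 user=frank@example.com result=ok
2020-04-01T10:01:00Z ip=198.51.100.9 user=admin@example.com result=fail
2020-04-01T10:01:01Z ip=198.51.100.9 user=admin@example.com result=fail
2020-04-01T10:01:02Z ip=198.51.100.9 user=admin@example.com result=fail
2020-04-01T10:01:03Z ip=198.51.100.9 user=admin@example.com result=fail
2020-04-01T10:01:04Z ip=198.51.100.9 user=admin@example.com result=fail
2020-04-01T10:01:05Z ip=198.51.100.9 user=admin@example.com result=fail
2020-04-01T10:05:00Z ip=192.0.2.44 user=alice@example.com result=fail
2020-04-01T10:05:10Z ip=192.0.2.44 user=alice@example.com result=ok
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)


def parse_log(text):
    """Parse log text into a list of event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def classify_sources(events, min_attempts=5, min_distinct_users=4,
                     max_attempts_per_user=2.0):
    """Label each source IP as 'normal', 'credential_stuffing' or 'brute_force'.

    Stuffing: enough attempts, spread over many distinct accounts, with only a
    couple of tries per account (the attacker already holds one candidate
    password per account). Brute force: enough attempts concentrated on few
    accounts. Thresholds are illustrative and would be tuned per service.
    """
    per_ip = defaultdict(list)
    for e in events:
        per_ip[e["ip"]].append(e)

    labels = {}
    for ip, evs in per_ip.items():
        attempts = len(evs)
        distinct = len({e["user"] for e in evs})
        if attempts < min_attempts:
            labels[ip] = "normal"
        elif distinct >= min_distinct_users and attempts / distinct <= max_attempts_per_user:
            labels[ip] = "credential_stuffing"
        else:
            labels[ip] = "brute_force"
    return labels


def suspected_compromised(events, labels):
    """Accounts that logged in successfully from a stuffing source: these are
    the reused-password victims and need a forced reset, not just a warning."""
    return {
        e["user"] for e in events
        if e["result"] == "ok" and labels.get(e["ip"]) == "credential_stuffing"
    }


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    lbl = classify_sources(evs)
    for ip, label in lbl.items():
        print(f"{ip:15} {label}")
    print("force-reset:", sorted(suspected_compromised(evs, lbl)))
```

Per-IP aggregation is the simplest cut and is enough to illustrate the shape of the attack, but real stuffing campaigns spread requests across proxy pools so that each address stays under any per-IP threshold; production detection additionally aggregates by ASN, client fingerprint or the global ratio of distinct accounts to attempts, and pairs detection with rate limiting and multi-factor authentication rather than relying on the threshold alone.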
Reporting by Isobel Asher Hamilton @ Business Insider