Dark Web: 500,000 Allegedly Hacked Zoom Accounts For Sale

Image Source:

A brand new modus operandi is going around the dark web today – some 500,000 allegedly hacked Zoom accounts have become super-hot merchandise that were being sold by the bulk. They are made available in many hacker forums to date. This now paves away towards more zoombombing online.

An expert revealed to cybersecurity company Cyble revealed that there are some 500,000 hacked Zoom accounts being sold online, and many of them may have been done earlier, many of these accounts seem legit and genuine.

Zoom Account Sale Influx

Tech experts reveal the influx of the sale of many Zoom accounts beginning April 1, and they were able to buy back some 530,000 accounts at a bulk pricing of approximately $0.002 per Zoom account. Some of these accounts are said to be shared widely for absolutely zero cost.

The credentials can include the Zoom account owner’s email, password, host key, and meeting url. The host key can contain a 6-digit pin which is tied-up to the Zoom account. This is often asked for host controls for any online meeting. Some of these Zoom accounts pertain to very high-profile companies such as Citibank and Chase, when checked against the account of some of their clients and they both confirmed that these are all active and valid accounts.

Zoom Privacy and Security Issues

Zoom had a fair share of privacy and security issues, which recently prompted them to stop some of their features development for about 3 months in an attempt to fix some of them. These account credentials, in fact, does not appear to be a result of a Zoom hacking incident.

Tech experts see that these accounts may have been collected on purpose thru a technique widely known as ‘credentials stuffing.’ This is when hackers and online fraudsters would make use of an old database of stolen Zoom account credentials and test them as against existing Zoom accounts.

Image Source:×512.png

Not The First Time

This is not the very first time when we have seen a lot of Zoom accounts being actively sold on the dark web, however there are some old reports that saw very small number of active accounts sold previously on hacker’s forums. Many of these accounts are widely used for trolling or interrupting someone’s online meeting on Zoom without prior permission, or worst, for purely collecting vital information, eavesdropping, and identity theft.

The nefarious practice of crashing one’s Zoom meetings has been seen as a widespread practice that it has been called now ‘Zoombombing.’ Although Zoom did addressed the issue not too long ago, it does not offer any comfort when your account credentials has fallen into the hands of the wrong person.

One good way to avoid this is to never make use of your old passwords. You can always use password tools like Dashlane or LastPass. They even let you store a huge number of various passwords for your various accounts online and then finally protect them all with one major password.