Technology
500,000 Zoom accounts are being sold on the dark web
Hacked Zoom accounts have become merchandise that’s sold en masse on the dark web and through hacker forums, new report claims.
According to BleepingComputer, which spoke to cybersecurity company Cyble, there are currently over 500,000 Zoom account credentials being sold, and while most of them seem to stem from earlier, unrelated hacks, some of them are genuine.
Cyble’s experts noticed the influx of Zoom accounts for sale on April 1, and were able to purchase 530,000 of them at a bulk price of $0.002 per account. Some accounts, the report claims, are even being shared for free.
These credentials include a Zoom user’s email address, password, personal meeting URL, and their host key — a six-digit pin tied to the owner’s Zoom account, which is used to claim host controls for a meeting. And some of these account details belong to high-profile companies including Chase and Citybank, according to Cyble, which checked the veracity of the accounts belonging to some of their clients and confirmed they were valid.
Even though Zoom has had its share of security and privacy blunders, recently prompting the company to halt features development for 90 days in order to fix them, these account credentials do not appear to be a result of a Zoom hack. More likely, they’ve been gathered by a technique called credentials stuffing, in which hackers use older databases of stolen user account credentials and test them against Zoom accounts.
This isn’t the first time we’ve seen Zoom accounts circulated on the dark web, but previous reports saw a much smaller number of accounts being sold. Now that the numbers are in the hundreds of thousands, this is becoming a serious threat to Zoom users. These accounts can be used for simple trolling via bursting into someone’s Zoom meeting unannounced, but also for eavesdropping and identity theft.
The practice of crashing someone’s Zoom meeting has become so commonplace that it now has a name — Zoombombing — and while Zoom did address the issue in a recent update, this doesn’t help if a hacker has your Zoom account credentials.
As always, the best protection from these types of attacks is never to re-use old passwords. That’s where password management tools such as LastPass and Dashlane come in handy, as they allow you to store a large number of different account credentials and protect them all with one master password.
What’s on the far side of the moon? Not darkness.
How Rubrik’s IPO paid off big for Greylock VC Asheem Chandna
Photo-sharing community EyeEm will license users’ photos to train AI if they don’t delete them
Thoma Bravo to take UK cybersecurity company Darktrace private in $5B deal
‘Challengers’ review: You’re not ready for Zendaya’s horny love-triangle drama
Summer Movie Preview: From ‘Alien’ and ‘Furiosa’ to ‘Deadpool and Wolverine’
Zomato’s quick commerce unit Blinkit eclipses core food business in value, says Goldman Sachs
Monsta X’s I.M on making music, gaming, and being called ‘zaddy’
Petlibro’s new smart refrigerated wet food feeder is what your cat deserves
The books on your favorite creators’ TBR shelf
API startup Noname Security nears $500M deal to sell itself to Akamai
US think tank Heritage Foundation hit by cyberattack
NASA discovered bacteria that wouldn’t die. Now it’s boosting sunscreen.
How to watch ‘Argylle’: When and where is it streaming?
Tesla drops prices, Meta confirms Llama 3 release, and Apple allows emulators in the App Store
Tesla layoffs hit high performers, some departments slashed, sources say
TechCrunch Mobility: Cruise robotaxis return and Ford’s BlueCruise comes under scrutiny
Meta to close Threads in Turkey to comply with injunction prohibiting data-sharing with Instagram
Former top SpaceX exec Tom Ochinero sets up new VC firm, filings reveal
Consumer Financial Protection Bureau fines BloomTech for false claims
What’s on the far side of the moon? Not darkness.
How Rubrik’s IPO paid off big for Greylock VC Asheem Chandna
Photo-sharing community EyeEm will license users’ photos to train AI if they don’t delete them
Thoma Bravo to take UK cybersecurity company Darktrace private in $5B deal
‘Challengers’ review: You’re not ready for Zendaya’s horny love-triangle drama
Summer Movie Preview: From ‘Alien’ and ‘Furiosa’ to ‘Deadpool and Wolverine’
Zomato’s quick commerce unit Blinkit eclipses core food business in value, says Goldman Sachs
Monsta X’s I.M on making music, gaming, and being called ‘zaddy’
Petlibro’s new smart refrigerated wet food feeder is what your cat deserves
The books on your favorite creators’ TBR shelf
-
Business6 days agoTikTok Shop expands its secondhand luxury fashion offering to the UK
-
Business5 days agoUnitedHealth says Change hackers stole health data on ‘substantial proportion of people in America’
-
Business5 days agoMood.camera is an iOS app that feels like using a retro analog camera
-
Business4 days agoTesla’s new growth plan is centered around mysterious cheaper models
-
Business3 days agoXaira, an AI drug discovery startup, launches with a massive $1B, says it’s ‘ready’ to start developing drugs
-
Business4 days agoTwo widow founders launch DayNew, a social platform for people dealing with grief and trauma
-
Entertainment4 days agoTesla’s in trouble. Is Elon Musk the problem?
-
Entertainment5 days agoFurious Watcher fans are blasting it as ‘greedy’ over paid subscription service
