More than 500,000 stolen Zoom logins are floating around the dark web. The account information has been published, exchanged, and in some cases sold online without the account owners' knowledge or consent. The credentials were later found being sold on a hacker forum for .002 cents each.
Affected accounts included ones from colleges such as the University of Vermont, University of Colorado, Dartmouth, Lafayette, University of Florida, and even well-known companies such as Chase, Citibank, and more.
In this article, I'll explain how the Zoom credential theft occurred, the security flaws that facilitated it, and how you can prevent it from happening to you.
By Robert Mardisalu, Co-founder & Editor of TheBestVPN.com
A History of Zoom’s Privacy and Security Flaws
As the COVID-19 pandemic pushed more and more people to self-isolate, Zoom gained millions of new users. The platform has seen daily meeting participants surge from 10 million in December to 300 million today. Unfortunately, this surge in popularity carried with it an increase in privacy risks.
The first of Zoom’s privacy and security flaws surfaced late last month when it was revealed that Zoom’s iOS app was sending user data to Facebook.
Soon after, reports of classroom Zoombombing involving a swastika sign led the FBI to issue a public warning about Zoom’s security issues. More bugs then started showing up.
One Windows-related bug was found to expose users to password theft. Another bug allowed bad actors to take control of a Zoom user's microphone or webcam. Yet another allowed Zoom to gain root access on macOS desktops, a particularly risky behaviour for a conferencing client.
It was then discovered that Zoom does not use end-to-end encryption as promised, and that it was leaking users' email addresses and photos to strangers through its "company directory" feature.
The following days revealed more issues: Zoom's data-mining feature, video call recordings left viewable on the web, calls "mistakenly" routed through whitelisted servers in China, and the discovery of a link to a collection of 352 compromised Zoom accounts on the dark web.
It was just a week after this latest discovery that Cyble found more than 500,000 Zoom accounts on hacker forums.
How the Zoom Credential Theft Occurred
Cyble, a cybersecurity firm, was the first to discover the credentials being sold on hacker forums around April 1, 2020. Cyble then reported this discovery to BleepingComputer.
Apparently, Zoom accounts were being posted on the forums to gain a reputation around the hacker community. Some accounts, like the ones from various colleges, were given for free. Others were sold for $0.002 each.
The stolen credentials included email addresses, passwords, personal meeting URLs, and host keys, which allowed threat actors to enter meetings and carry out Zoombombing attacks.
Upon this discovery, Cyble bought 530,000 credentials in order to warn their owners of the threat. When contacted, one exposed user said that the stolen password was an old one. This raised the likelihood that some credentials were obtained through credential stuffing attacks that reused passwords from older breaches.
The bad actors took credentials leaked in older data breaches and attempted to use them to log in to Zoom. Every successful login was then compiled into the lists that were posted on hacker forums.
Some accounts were given for free to be used in Zoombombing pranks while others were sold in bulk at less than a penny each.
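The attack described above leaves a distinctive trace in authentication logs: one source tries many different accounts and mostly fails. The following detection logic is an added example, not code from the article or from Zoom; the log line format, the thresholds, and the sample lines (TEST-NET addresses, example.edu accounts) are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample auth log (TEST-NET addresses, example.edu accounts).
SAMPLE_LOG = """\
2020-04-01T10:00:01Z src=203.0.113.10 user=alice@example.edu result=FAIL
2020-04-01T10:00:02Z src=203.0.113.10 user=bob@example.edu result=FAIL
2020-04-01T10:00:02Z src=203.0.113.10 user=carol@example.edu result=OK
2020-04-01T10:00:03Z src=203.0.113.10 user=dave@example.edu result=FAIL
2020-04-01T10:00:04Z src=203.0.113.10 user=erin@example.edu result=FAIL
2020-04-01T10:00:05Z src=203.0.113.10 user=frank@example.edu result=FAIL
2020-04-01T10:01:00Z src=198.51.100.7 user=ivan@example.edu result=FAIL
2020-04-01T10:01:05Z src=198.51.100.7 user=ivan@example.edu result=OK
2020-04-01T10:02:00Z src=192.0.2.44 user=judy@example.edu result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")


def parse_log(text):
    """Yield (src, user, success) per well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["src"], m["user"], m["result"] == "OK"


def find_stuffing_sources(text, min_users=5, min_fail_ratio=0.6):
    """Flag sources that try many distinct accounts and mostly fail.

    A user mistyping a password hits one account; a stuffing run walks a
    breach list, so the tell is username breadth plus a low success rate.
    """
    stats = defaultdict(lambda: {"n": 0, "users": set(), "fails": 0, "ok": set()})
    for src, user, success in parse_log(text):
        s = stats[src]
        s["n"] += 1
        s["users"].add(user)
        if success:
            s["ok"].add(user)   # accounts that authenticated from this source
        else:
            s["fails"] += 1
    flagged = {}
    for src, s in stats.items():
        ratio = s["fails"] / s["n"]
        if len(s["users"]) >= min_users and ratio >= min_fail_ratio:
            # Successful logins from a flagged source are the accounts to
            # lock and force through a password reset.
            flagged[src] = {"attempts": s["n"], "distinct_users": len(s["users"]),
                            "fail_ratio": round(ratio, 2), "compromised": sorted(s["ok"])}
    return flagged
```

On the sample log only 203.0.113.10 is flagged, and the one account that authenticated from it (carol) is the one to lock and reset, which is the response Zoom describes further down.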
How to Avoid It
Since these credentials were exposed through credential stuffing attacks, the best way to protect your Zoom account is to change your password. If you created your Zoom account before the pandemic lockdowns started, you should change your password now.
This should come as old news, but it’s been ignored enough to warrant a reminder:
Use strong and unique passwords
Strong passwords should be a combination of upper- and lower-case letters, numbers, and symbols. Use a different strong password for each online account — never use the same password twice. Consider using a password manager app to generate and store strong passwords for you.
You can check whether your email addresses or usernames have been included in any known data breach by using breach-notification services such as Have I Been Pwned or AmIBreached. These services will show whether your username or email has been exposed and which company it was stolen from.
In its statement to BleepingComputer, Zoom said that it is common for bad actors to target consumer-facing web services with this type of activity (credential stuffing). "This kind of attack generally does not affect our large enterprise customers that use their own single sign-on systems," the company added.
Zoom also stated that they’ve already hired multiple intelligence firms to find the password dumps and tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials.
Zoom is still investigating, locking compromised accounts, asking users to change their passwords to something more secure, and looking to implement additional technical measures to aid in these efforts.
About the Author
Robert Mardisalu is the co-founder & editor of TheBestVPN.com, a computer security professional, privacy specialist and cybersecurity writer. He has authored many insightful blogs that help readers to think beyond the surface.
CISO MAG did not evaluate/test the products mentioned in this article, nor does it endorse any of the claims made by the writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG, and CISO MAG does not assume any responsibility or liability for the same. CISO MAG does not guarantee the satisfactory performance of the products mentioned in this article.