500,000 Hacked Zoom Accounts Being Sold on Dark Web: Report

Zoom accounts were reportedly being sold for $0.0020 (roughly Rs. 0.15) per account and in some cases, given away for free.

500,000 Hacked Zoom Accounts Being Sold on Dark Web: Report

Photo Credit: BleepingComputer

Hacked Zoom accounts included college students from several universities

  • Over 500,000 Zoom accounts are reportedly being sold on the dark web
  • The accounts include email address, passwords, personal meeting URLs, etc
  • The Zoom accounts were gathered using credential stuffing attacks

Zoom video conferencing app has seen an unprecedented level of growth in the past month or so. This is mainly because of the coronavirus pandemic that has forced people to stay indoors and work from home, leaving voice and video calls the only way of communication. Because of this sudden growth, several privacy and security concerns surrounding Zoom have come to the fore. Now, a fresh report claims that over 500,000 Zoom accounts have been hacked and are being sold on the dark web.

A report by Bleeping Computer states that hackers are selling these Zoom accounts for less than a penny each and in some cases, they are being given away for free. The report adds that this information about free Zoom accounts being posted on hacker forums was first pointed out by Cybersecurity intelligence firm Cyble around April 1. The firm then reached out to the sellers of these accounts and bought 530,000 Zoom credentials at $0.0020 (roughly Rs. 0.15) per account, in an attempt to warn their customers of the breach.

The report also adds that these accounts were hacked through credential stuffing attacks that use previously leaked accounts to login to Zoom. The credentials that are successfully logged in are then compiled and sold to other hackers. These types of attacks are not unique to Zoom, the report states.

These Zoom account credentials include email address, passwords, personal meeting URLs, and HostKeys, according to the report. It was also found that 290 accounts were related to universities and colleges like University of Vermont, Dartmouth, Lafayette, University of Florida, University of Colorado, and others. Some accounts belonged to well-known companies such as Citibank, Chase, and more. Both Bleeping Computer and Cyble claim they have verified some of these accounts and that the credentials used were valid.

It is highly advisable that users change their Zoom passwords, especially if the same password is used elsewhere. They should try to use unique passwords for each site. Users can also check if their email address has been leaked by going to Cyble's AmIBreached service or Have I Been Pwned service.

This comes after Zoom faced several allegations for its security and privacy flaws. CEO Eric Yuan also held a livestream acknowledging the issues and stating that the company is working on fixing them.

Mi TV 4X vs Vu Cinema TV: Which is the best budget TV in India right now? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Zoom, Dark Web, Hacking
Vineet Washington writes about gaming, smartphones, audio devices, and new technologies for Gadgets 360, out of Delhi. Vineet is a Senior Sub-editor for Gadgets 360, and has frequently written about gaming on all platforms and new developments in the world of smartphones. In his free time, Vineet likes to play video games, make clay models, play the guitar, watch sketch-comedy, and anime. Vineet is available on vineetw@ndtv.com, so please send in your leads and tips. More
How the Coronavirus Lockdown Has Changed Our Music Streaming Habits
OnePlus 8, OnePlus 8 Pro With Snapdragon 865 SoC, Up to 12GB RAM Unveiled: Price, Specifications

Related Stories

Read in: தமிழ்
Share on Facebook Tweet Snapchat Share Reddit Comment



© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com