It seems that I would have spent an eternity since that Zoom protagonizaba owners add millions of users in less than a month. But just two weeks ago: after we found out about the the absence of encryptionon the transfer of data to Chinaon the theft of credentials and the ‘secuentro’ video conferencing to broadcast videos porn.
And now we add something else to the list: according to information made public by the intelligence firm cyber security Cyble, and that echoes BleepingComputer, there are crooks in the forums on the Dark Web selling (and giving away) credentials of Zoom. Specifically, more than half a million accounts.
To Zoom you grow the dwarf… now, in the Dark Web
The accounts they are selling in some cases less than a penny (employees of Cyble were able to purchase a ‘pack’ 530,000 for less than 0.002 dollars each), and some crackers come to give to them just to gain reputation within their community, while others are selling filtered lists, in that separate accounts usable and those whose credentials have already been changed by the users.
These credentials (that is, the combination of email and password, but also the URL of the personal meeting and its HostKey) are selling in order to practice ‘zoombombing’ (the fashion of ‘hijack’ these videoconferences to broadcast pornographic videos), but without ruling out another kind of malicious purposes.
From Cyble claim to have made contact with several emails random included in the data that they bought, and have verified that effectively correspond to users of Zoom, while in some case they have clarified that the password included was already oldwhat makes you think that you have collected also data from old leaks to ‘fill in’.
Cyble has explained that many of these accounts were linked to large companies (such as Chase or Citibank) and educational institutions (such as the University of Vermont, Colorado, Dartmouth, Lafayette, Florida, etc).
If you are a user of Zoom, the best thing you can do is get better in health and change as soon as possible your password… and of all those accounts that come along using the same password.
If you want to make sure if your account is among those affectedyou can resort to the services included in some password manager or websites such as Have I Been Pwned, which lists all the data breaches suffered by accounts linked to the email entered.
Image | Marco Verch
it was originally published in