There has been reports of more than 500,000 Zoom accounts being sold on the dark web.
It has been discovered that more than half a million Zoom accounts are for sale on the dark web, with some hackers even giving away account details for free. Credential stuffing attacks have allowed hackers to gain lists of Zoom usernames and passwords, then give away these lists to improve their reputation in hacking communities.
Credential stuffing attacks are where attackers use previously leaked lists of login emails and passwords to log in to new services, such as Zoom. Once a successful attempt to log in has been made, the compromised account is added to a list and sold on the dark web.
Joseph Carson, chief security scientist at Thycotic, warned that “reusing old passwords is like leaving your front door open and inviting cyber-criminals into your home. Stop doing it now, otherwise expect to become a victim of cyber-crime. Many passwords managers are free. Start using them, use unique long passwords such as passphrases and use a password manager to keep all your passwords unique but easy to use.”
ESET cyber-security specialist Jake Moore also commented, stating that using the same password for email accounts as the one used for a Zoom account makes these attacks even more dangerous, as hackers will be able to access the email account and send invites from the victims to others meaning this attack could cause damage on a much wider scale.Back to News