The login details of more than 500,000 Zoom accounts are offered for sale on the dark web, according to research by Cybersecurity firm Cyble. The data is comprised of e-mail addresses, passwords and meeting IDs of the video conferencing app.
Cyble itself tested a number of the accounts offered, as if they were users. The purchased data could actually be logged in with, so it can be assumed that the full list of half a million accounts is legitimate.
Not only Cyble surfaced the dark web to see if offered login details were sold that were still active. Bleeping Computer did the same. According to them, Zoom, which has been under fire over the past few weeks because of bad privacy and security protocols, can’t be blamed in this case, as it concerns login details that were captured by other hacks. People who use the same combination of e-mail address and password on different services will have a problem in this case.
Many accounts from universities can be found amongst the offered login details, but according to Bleeping Computer, there are also accounts of large companies such as Citigroup and JPMorgan Chase Bank. A simple solution to avoid such a security risk would be to use a different password for each service. If that is not an option, it is recommended to use two-factor authentication to get a notification of every login attempt.
Although Zoom can hardly be blamed in this case, it is the umpteenth time in a short period of time that the app is confronted with security problems. Earlier this month, CEO Eric Yuan announced that all planned feature updates would be frozen for the time being and the full focus would be shifted to updates that improve security (and privacy). Because of the corona virus outbreak, Zoom saw its user numbers skyrocket, which also benefited the stock price. As more and more security issues were denounced, the number decreased slightly. Nevertheless, Zoom’s shares are now worth twice as much as a year ago.