A report by Bleeping Computer says that hackers are promoting these Zoom accounts for less than a cent each and in some cases, they are being given away for free. The report adds that this information about free Zoom reports being posted on cookie forums was first pointed out by Cybersecurity intelligence firm Cyble around April 1. The firm then achieved to the vendors of those accounts and bought 530,000 Zoom credentials at $0.0020 (roughly Rs. 0.15) per accounts, in an attempt to warn their clients of the breach.
The report also adds that these reports were hacked through credential stuffing attacks that use previously leaked reports to login to Zoom. The credentials which are successfully logged in are then compiled and offered to hackers. These kinds of attacks aren't unique to Zoom, '' the report says.
All these Zoom accounts credentials include email address, passwords, private assembly URLs, and HostKeys, according to the report. It was also discovered that 290 accounts were associated with universities and colleges including the University of Vermont, Dartmouth, Lafayette, University of Florida, University of Colorado, and many others. Some accounts flew to renowned companies such as Citibank, Chase, and more. The two Bleeping Computer and Cyble claim they have verified a number of these accounts and that the credentials used were valid.
It is highly advisable that users change their Zoom passwords, particularly if the exact same password is used elsewhere. They should try to use unique passwords for every website. Users can also check if their email address was leaked by heading to Cyble's AmIBreached service or Have I Been Pwned service.
This comes after Zoom confronted several allegations because of its security and privacy defects. CEO Eric Yuan also held a Livestream admitting that the issues and stating that the business is focusing on fixing them.
0 Comments