Experts from cybersecurity firm, Cyble reported the incidents. The research firm discovered that a hacker is distributing stolen Zoom credentials for $0.002 each, some were also shared for free. The hacker was giving away the credentials on the Dark Web.
Cyble confirmed that the credentials shared by the hacker are valid. The stolen credentials included personal meeting URLs, Zoom host keys, email addresses, and passwords. This allows anyone with the data to enter meetings.
When the Cyble reached out to account owners of the hacked database. It’s likely that the nearly half of the passwords mentioned in the leaked database are old. Zoom account owners might have changed the passwords since then. However, the same individual may have used the same password elsewhere. This creates potential threat to the account owners.
Zoom has gained immense popularity among enterprises, SMBs and schools across the world during the lockdown. The attack does not affect enterprise customers using their own single sign-on systems.
The video conferencing company has confirmed that it has hired multiple firms to find these passwords dumps and tools used to create them. Zoom will continue to send notifications to the accounts that are comprised. It is working on an additional layer of security to bolster the effort.
Password re-use is a huge security issue faced by users across the world. To keep your account secure, it is necessary that you change the passwords to something strong and unique.