Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
The Internet Media Privacy Security

Over 500,000 Zoom Accounts Sold On Hacker Forums, the Dark Web (bleepingcomputer.com) 23

Posted by BeauHD from the time-to-change-your-password dept.
An anonymous reader quotes a report from Bleeping Computer: Over 500,000 Zoom accounts are being sold on the dark web and hacker forums for less than a penny each, and in some cases, given away for free. These credentials are gathered through credential stuffing attacks where threat actors attempt to login to Zoom using accounts leaked in older data breaches. The successful logins are then compiled into lists that are sold to other hackers. Some of these Zoom accounts are offered for free on hacker forums so that hackers can use them in zoom-bombing pranks and malicious activities. Others are sold for less than a penny each.

Cybersecurity intelligence firm Cyble told BleepingComputer that around April 1st, 2020, they began to see free Zoom accounts being posted on hacker forums to gain an increased reputation in the hacker community. These accounts are shared via text sharing sites where the threat actors are posting lists of email addresses and password combinations. The purchased accounts include a victim's email address, password, personal meeting URL, and their HostKey. Cyble has told BleepingComputer that these accounts include ones for well-known companies such as Chase, Citibank, educational institutions, and more. You can use Have I Been Pwned and Cyble's AmIBreached to check if your email address has been leaked in a data breach.
This discussion has been archived. No new comments can be posted.

Over 500,000 Zoom Accounts Sold On Hacker Forums, the Dark Web More

Over 500,000 Zoom Accounts Sold On Hacker Forums, the Dark Web

Comments Filter:

  • They are also sold ... (Score:5, Insightful)

    by PPH ( 736903 ) on Tuesday April 14, 2020 @03:53PM (#59946824)

    ... because many people reuse their login credentials. And although Zoom bombing isn't very profitable, gaining access to bank accounts is.

    • Re: (Score:2)

      by sabri ( 584428 )
      And maybe add that amibreached.com is commercial. They charge you. They want money.

    • It takes ten minutes to get a password manager like Bitwarden and even less time to make a secure password with it.

      • Re: (Score:2)

        by PPH ( 736903 )

        How well does that work across multiple platforms like desktops, tablets, phones, office desktops and public kiosks?

      • yep and that is 10 mins longer than most users will spend securing a password when it is so much easier to just use the same password everywhere.

  • ...another "Zoom is the wirst!" post. I wonder how much someone is getting paid to nail Zoom to the wall. From what I can see, Zoom's chief problem was it installs out of the box with lax security, but if you tighten it up, it doesn't look any worse than Skype, Microsoft Teams or Gotomeeting. But I'm not a shareholder in those other companies, so maybe I'm missing the big picture here, and that is that Zoom must be killed.

    • How many tighten it up? How many sales -expletive at your company include their personal zoom url in their digital business card file and their signature?

      Ours did until recently when everyone was told to clean that shit up and password everything.

      When we started using Zoom, I noticed the urls were static and occasionally someone would randomly join a meeting by mistake or a few times I joined my meeting early but the same url was being used by the host for a different meeting that hadn't ended yet.

      This was

      • How many tighten it up?

        To how many does it matter?

        It's not like someone can secretly observe a Zoom chat, you can see if someone else is on.

        Zoom bombing can be a thing only if you have a relative public URL, and if someone attempts to join and the person who started the Zoom does not know them, they simply are not let in.

        For MOST people, what else needs "tightening"??

        People who claim the default "tightening" is not enough, do not appear to have used Zoom.

  • Didn't I already see this earlier this morning?

  • For a startup that has been around since 2011, they really don't have their shit together. Sure their software is pretty easy to use, but once they implement security features I'm going to guess it's going to stop being so easy to use.

    • This really seems like the other "security" problems with Zoom. User error. This is like saying web browsers are insecure because most people only look for the "lock" icon and don't know that you actually have to check that the domain name is the the right one, otherwise you are securely connected to the wrong service. I use Zoom every day and I've never tried to prevent Zoom bombing by limiting the meeting to logged in users. I use passwords for meetings in which I trust that nobody is going to share t

    • Re: (Score:2)

      by k6mfw ( 1182893 )

      Sure their software is pretty easy to use

      That's why. Yes there are better services but it takes some techie skill to get going. I was surprised how easy it was to download and startup. Other programs always required some tweaking. For most people here that's no big deal, kind of like if you are an experienced skydiver then it's just a matter of putting on the rig, ride the "elevator" to 13K and exit. then do usual skydiving stuff. Give that to someone with no training and they will go nutzoid.

    • It's time for Zoom to nag their users with pop up boxes regarding security- "Are you really, really, REALLY sure you DON'T want to password protect your meeting? The bad guys can't wait to drop into your non-passworded meeting!"

      Simple problem with a (mostly) simple solution.

    • Its both bad and popular because it trades security for convenience. Most users are not educated enough to realize this and even if they did most would not care. If they had had there shit together they would not have become popular as security is inconvenient for most users.
  • In addition to Have I Been Pwned and AmIBreached: besides checking if your *email* (only) was stolen, you can also check if your email was stolen *including hash && the hash was cracked*. Check Scattered Secrets [scatteredsecrets.com]. Quick check of the Zoom list shows that for all emails a password was cracked, so looks like classic credential stuffing [wikipedia.org].

  • I don't know whether you've gotten access to my Zoom account, but if you have, please enjoy any transcripts you find there from Ms. Z's second-grade class. I'm sure they'll be very helpful, and I look forward to getting my tablet back from my 8-year-old someday.

  • 1) Buy hacked Zoom credentials
    2) Zoombomb a meeting
    3) ????????
    4) Profit

    What's step three?

    • test those user account details on other services for profit. Users still have a horrible tendency to reuse passwords.
  • While researchers have found 500K Zoom accounts, in reality what they found is credentials for many different services where users use the same userid/password combo. So Zoom was never hacked but rather since these 500K users use the same credentials for Zoom as other services, the credentials can be used. In other words they went searching for Zoom accounts. Now, it would be interesting to see what other services they have userid/password combos to, but are not as popular in moment with COVID-19.

  • Really?! That's only a week of consulting fees for the average software engineer. Even if they find a buyer, it hardly seems worth the effort/risk.

Slashdot Top Deals

Do you suffer painful hallucination? -- Don Juan, cited by Carlos Casteneda

Close