500000 Zoom accounts found for sale on the dark web - SiliconANGLE
- 1 May 2020
500,000 Zoom accounts found for sale on the dark web
The account details of more than 500,000 users of Zoom Video Communications Inc. have been found for sale on the dark web, the shady part of the internet reachable with special software, in the latest security concern surrounding the company.
Discovered by security researchers at Cyble, the credentials include email address, password, personal meeting URL and HostKey. Accounts belonging to Cyble clients were tested and found to be valid.
Separately, Bleeping Computer also got its hands on some of the Zoom credentials and today confirmed that the data was the result of credential stuffing. That’s where hackers use account details stolen from successful hacks of other sites to gain access, since people often reuse passwords across multiple sites.
Some of the Zoom accounts were being offered for free while other for less than one cent each “so that hackers can use them in zoom-bombing pranks and malicious activities.” The hackers are also said to be offering free accounts to “gain an increased reputation in the hacker community.”
The accounts themselves were varied with many involving university addresses but also included accounts for well-known companies including JPMorgan Chase Bank N.A. and Citigroup Inc.
While Zoom can’t be directly blamed for its users reusing passwords there are ways to provide security to users who do so. At the very least the introduction of two-factor authentication would add a barrier to entry. Alternatively, Zoom could scan user accounts again data breach lists to see if customers are reusing passwords, then force a password change where one is found.
Zoom has come to the fore during the COVID-19 pandemic, surging to the top of application downloads as millions work from home. With that popularity has also come scrutiny into its security practices and they’ve been found to be lacking.
On April 5 it was reported that Zoom was routing video calls through mainland China complete with the encryption keys used to secure the calls. Other security issues including with Zoom’s desktop apps were revealed April 1, causing Chief Executive Officer Eric Yuan to apologize the following day while committing the company to freeze feature development for 90 days to focus on enhancing security.
Security issues aside, Zoom is one of few companies that have done well out of the coronavirus pandemic. Zoom floated in April 2019 at $36 per share before closing its first day of trading at $65 per share. The company’s share price barely moved since that time until February, breaking through $100 per share Feb. 19.
Zoom’s share price peaked at $159.56 March 23 and security issues dampened investor interest only slightly. As of the close of trading today, Zoom was sitting on $135.92 per share.
Since you’re here …
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.