Hacked Zoom accounts are being sold or given away on the dark web according to a new report from cyber security experts.
Concerns about the video conferencing app’s security have become more pronounced since usage surged during the current lockdown.
Now, a new report from BleepingComputer suggests compromised account details and passwords are being collected and sold onwards. The account credentials are usually compromised because hackers find passwords from older data breaches and assume that users don’t update or change their passwords very often.
These compromised accounts are being compiled into lists and sold in bulk for tiny amounts. The report from BleepingComputer suggests a single account login could be had for as little as $0.0020.
That buys you a victim’s email address, password, personal meeting URL and HostKey.
The dark web is the area of the internet not indexed by search engines and often a source of cybercrime.
In a statement provided to the site, Zoom said it has already hired firms to help track down these compromised lists and put a stop to the sale of them.
‘This kind of attack generally does not affect our large enterprise customers that use their own single sign-on systems,’ the company said.
‘We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials.’
Zoom has also announced it is stopping product development to focus on addressing security concerns. It has already added a new feature that lets paying customers choose how and where to route their data.
The video conferencing app has grown exponentially during the Covid-19 lockdown as millions of workers and students attempt to stay connected for jobs and study, while family and friends have turned to Zoom and similar apps as a means of staying in touch.
Source: Read Full Article