Your Zoom account worth less than a penny on the dark web

Edward G. | April 20, 2020

Amid a global pandemic, Zoom skyrocketed into general awareness. Initially created for corporate webinars and meetings, the video conferencing app has become a forum for nearly every kind of social function. But as its usage spiked, Zoom drew less affection for its software quality and overall privacy. This time, security researchers have revealed unprecedented vulnerabilities, including stolen accounts and hijacking schemes sold on the dark web. So if you're among the tens of millions of people who regularly use Zoom, here's what you need to know.

500,000 Zoom accounts for sale

Cybersecurity intelligence company Cyble discovered a hacker selling half a million stolen Zoom accounts. The credentials are for sale at dirt-cheap prices, with one account worth less than a penny, BleepingComputer reports. More than 500,000 Zoom accounts are associated with companies like Chase and Citibank or schools like Dartmouth College and the University of Florida. Zoom users' email addresses, passwords, personal meeting URLs, and host keys are all available on one of the hacker forums.

Cyble got in touch with a seller directly and purchased roughly 530,000 Zoom accounts for $0.0020 each. The company found that some of the accounts belonged to its own clients. Upon further investigation, Cyble confirmed that all of its customers' credentials were legitimate.

A "credential stuffing attack" is what allows threat actors to take over accounts using older data breaches. An attacker attempts to log in to the victim's account using credentials found in previously leaked databases. Such a scenario shows how risky it is to reuse the same password everywhere you register.

In a statement to BleepingComputer, Zoom assured that it has already hired security companies to help find these password dumps. Until then, the company urges its users to change their passwords to stronger, more secure ones.
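On the service side, credential stuffing as described above leaves a recognizable trace: one source trying many different accounts only once or twice each, unlike a brute-force run against a single account. The sketch below is an added example, not code from Zoom, Cyble or this article; the log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (assumed format): timestamp, source IP, user, result.
SAMPLE_LOG = """\
2020-04-14T09:00:01 203.0.113.7 alice@example.com FAIL
2020-04-14T09:00:02 203.0.113.7 bob@example.com FAIL
2020-04-14T09:00:03 203.0.113.7 carol@example.com OK
2020-04-14T09:00:04 203.0.113.7 dave@example.com FAIL
2020-04-14T09:00:05 203.0.113.7 erin@example.com FAIL
2020-04-14T09:00:06 203.0.113.7 frank@example.com FAIL
2020-04-14T09:01:10 198.51.100.9 alice@example.com FAIL
2020-04-14T09:01:15 198.51.100.9 alice@example.com FAIL
2020-04-14T09:01:20 198.51.100.9 alice@example.com FAIL
2020-04-14T09:01:25 198.51.100.9 alice@example.com OK
2020-04-14T09:02:00 192.0.2.44 grace@example.com OK
"""

def parse(log):
    """Yield (time, ip, user, success) tuples from the log text."""
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result == "OK"

def find_stuffing(log, window=timedelta(minutes=5), min_users=5, max_tries=2):
    """Map each suspect source IP to the accounts it logged in to successfully.

    A source is suspect when, inside one sliding window, it tried at least
    `min_users` distinct accounts with at most `max_tries` attempts each.
    """
    by_ip = defaultdict(list)
    for event in sorted(parse(log)):
        by_ip[event[1]].append(event)
    suspects = {}
    for ip, events in by_ip.items():
        start = 0
        for end, event in enumerate(events):
            while event[0] - events[start][0] > window:
                start += 1  # drop attempts that fell out of the window
            tries = Counter(user for _, _, user, _ in events[start:end + 1])
            if len(tries) >= min_users and max(tries.values()) <= max_tries:
                suspects[ip] = sorted({u for _, _, u, ok in events if ok})
                break
    return suspects

if __name__ == "__main__":
    for ip, hits in find_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: credential stuffing suspected; reset passwords for {hits}")
```

The accounts listed for a suspect source are the ones where a reused password actually worked, so they are the first candidates for a forced password reset.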

Critical exploit for $500,000

Zoom's security issues continued to snowball. A new report by Motherboard revealed that hackers are selling zero-day Zoom exploits on the black market. People who trade in hijacking schemes say there are two vulnerabilities: one for Windows and one for macOS. Reportedly, both flaws are up for the price of $500,000.

Zero-day exploits allow attackers to hack Zoom user accounts and spy on their calls. Depending on what kind of software the flaws are in, researchers estimate that such exploits can be worth thousands or even millions of dollars.

According to Motherboard's secret source, the Windows zero-day vulnerability allows Remote Code Execution (RCE), the most sought-after kind of bug. An RCE attack lets hackers run their own code on a target's machine, hence the name. The source said such a hijacking scheme requires the hacker to be in the same call as the victim. Still, the zero-day exploit on Windows would need to be combined with another Zoom bug if the hacker intends to harm the whole device. The macOS zero-day exploit is not an RCE, and its details remain unrevealed.

Zoom told Motherboard that, to date, it hasn't found any evidence proving these claims. However, the case is now under investigation by industry-leading cyber intelligence researchers, the company said.

Should you stop using Zoom?

It's only natural that people have started to poke into Zoom's vulnerabilities. The app is in the spotlight: it went from 10 million daily users to more than 200 million now. For now, research and media coverage about the company is focused only on how the software's security flaws will eventually be resolved.

Still, password reuse remains a huge security issue for many users online. Usernames, email addresses, and passwords are continuously exposed by the billions each year. But to keep your account from falling victim to an attack, you must use strong and unique passwords anywhere you register. Plus, make sure to change them regularly.

Make sure to visit Have I Been Pwned and check if your credentials have been potentially exposed. If you do find that a company you have an account with has been breached, immediately change both your username and password. Also, double-check whether you have used the same credentials elsewhere.

If you are still worried that your accounts are not secure enough, take advantage of a VPN. Shield any of your sensitive information from hackers and get everything back on track.

Edward G.

Cybersecurity Researcher and Publisher at Atlas VPN. My mission is to scan the ever-evolving cybercrime landscape to inform the public about the latest threats.


