After its meteoric rise, videoconferencing platform Zoom has been banned by a large number of companies for work-related activities because of serious security vulnerabilities.
It seems that these companies' fears are well founded, as more than half a million Zoom accounts and credentials are being sold at dirt-cheap prices on the Dark Web. A few of these accounts are even given away for free.
The sale was first reported by BleepingComputer, which was informed by cyber risk assessment firm Cyble after the firm discovered that Zoom credentials were being sold cheaply, some of which belonged to the firm's clients.
Aside from old passwords, the credentials for sale also included personal meeting URLs and Zoom host keys, which are prime sources for confidential data. In a conversation with its clients, Cyble confirmed that the credentials were correct.
The main attack pattern emerging from Zoom hacking victims is credential stuffing, which reuses credentials exposed in old data breaches; the successful logins are then sold on the Dark Web.
Free Zoom credentials, on the other hand, are being posted on hacker forums and are made open for anyone to perform “zoom bombing” pranks and other malicious acts.
Zoom bombing ranges from displaying pornographic material on interrupted meetings to anti-Semitic groups targeting Jewish-related meetings or services.
The credentials were first offered exclusively through text-sharing sites by hackers seeking more reputation within the community. These hackers posted lists of emails with corresponding password combinations, which Cyble first discovered around the first week of April.
After being exposed to listings of hacked accounts on hacker forums, Cyble decided to purchase bulk listings as evidence to its customers of a potential breach. The company purchased at least 530,000 accounts for $0.002 each.
Some of the accounts belonged to large-scale companies, financial businesses like Chase and Citibank, educational institutions, and tech companies.
Earlier this month, Zoom admitted to accidentally routing data from non-Chinese users through China. And although its CEO, Eric Yuan, said his company never shared or sold user data to any entity, the sale of Zoom credentials is still ongoing on the Dark Web.