Zoom Credentials for Sale for Less than a Cent
A Singaporean cybersecurity company, Cyble, discovered the breach after it came across lists of email addresses and passwords on so-called “text sharing sites”. Cyble retweeted the news on their Twitter account. The Singaporean company purchased over half a million credentials from an underground hacker forum. Next, their experts checked whether the data was valid. They also informed affected customers about the leak. The leaked data includes victims’ email addresses, passwords, personal meeting URLs, and HostKeys.
Data Recycled from Old Data Breaches
To be clear, the breach is not the result of a Zoom data breach. In such attacks, hackers use stolen usernames and passwords for various services and accounts gained from previous data leaks to gain access to other applications, such as Zoom. The hackers then neatly listed and sold all credentials that successfully logged them into Zoom. Earlier in April, security researchers from cybertech companies Sixgill and IntSight came across smaller lists containing a few hundred to a few thousand Zoom Account Credentials on the dark web.
Reputation Boost the Motive
Interestingly, the “ridiculously low prices” and freebies provided by the hackers suggests that hackers are leaking data more to gain exposure within the hacking community than to capitalize from it. The hackers offered several Zoom accounts for free to other hackers. These credentials are used, for example, to conduct zoombombing jokes. Lists with valid credentials are also very valuable for brute force attacks, where hackers systematically deploy botnets to attempt to use the stolen credentials on various login pages, for example, from banks and online stores.
Strong and Unique Passwords
This leak once again demonstrates how important it is to use strong and unique passwords. To all Zoom account holders: change your password! A password manager and two-factor authentication are also recommended. Many people still use the same username and password to log in to multiple services online, despite the many news reports and warnings. That is worrying. Users who want to check whether their personal data has been compromised by data breaches can check this via the website Have I Been Pwned.