More than half a million accounts of Zoom, a virtual conference service provider, have been sold on the dark web and hacker forums, and in some cases, given away for free.
These credentials are gathered through credential stuffing attacks where threat actors attempt to login to Zoom using accounts leaked in older data breaches, and successful logins were then compiled into lists that were sold to other hackers, The Daily Mail reported on Monday citing online forum BleepingComputer.
Some of these Zoom accounts were being offered for free on hacker forums so that hackers can use them in zoom-bombing pranks and malicious activities. Others are sold for less than a penny each.
BleepingComputer said Cybersecurity intelligence firm Cyble first noticed around April 1 that free Zoom accounts were being posted on hacker forums to gain an increased reputation in the hacker community.
The credentials included personal meeting URLs, email addresses and passwords, along with host keys that allow them to enter meetings and carry out 'Zoomboming' attacks.
After seeing a seller posting accounts on a hacker forum, Cyble reached out to purchase a large number of accounts in bulk so that they could be used to warn their customers of the potential breach, the report said.
“Cyble was able to purchase approximately 530,000 Zoom credentials for less than a penny each at $0.0020 per account.”
Although a majority of the accounts belonged to users, some of them were details owned by big-name companies such as Chase and CityBank, according to Cyble, that has cross referenced the details to confirm they were valid.
