It seems Zoom’s security issues and problems continues to be increasing day by day. Cybersecurity firm Cyble found credentials for more than 500,000 Zoom accounts either for sale or even being given away for free on the dark web, as reported by Bleeping Computer.
The report stated that many of the accounts were being sold for a few cents per account. Some were being given away in bulk for free on hacker forums so that people could use them for Zoombombing. Zoombombing is a form of trolling where malicious actors drop into Zoom calls and post graphic or offensive content.
CSA recently produced some guidelines on how you can protect yourself from Zoombombing as well. You can read about it here.
We have seen an increase in Zoombombing cases in Southeast Asia as well with the Ministry of Education Singapore having removed Zoom temporarily from its e-learning tool following an incident. However, MOE has now resumed the usage of Zoom for e-learning following the addition of several patches.
Now, Cyble apparently purchased about 530,000 accounts for $0.0020 each, thereby obtaining their email address, password, personal meeting URL, and host key Zoom meeting hosts can use.
Bleeping Computer reported that Cyble had started to see accounts pop up for sale since April 1, with the posters seeking to boost their reputation among hacker communities. Interestingly, many of the accounts for sale belonged to companies or institutions, including Chase, Citibank, and numerous universities.
It seems privacy and security issues continue to be a concern for Zoom users. But at the same time, it also seems that cybercriminals and hackers are now using multiple methods to infiltrate Zoom accounts.
As usual, the best thing we can do at this point of time is to ensure we keep changing our Zoom passwords regularly and use stronger passwords as well. The other alternative is to consider other services that are available as well. But security will always be an issue if our passwords are not strong enough.