Data breach, a thing that every company and organization is afraid of. This has increased on this pandemic lockdown. Recently here in Nepal, a hacker by the name ‘Narpichas’ leaked 1,76,519 Vianet’s user’s data. Those data included the user’s email address, phone number, and address. Following this event a new hacker by the name, Cyber_hell_god (SATAN) threatened Prabhu Nepal, and Nepali Congress. This is a nightmare for users and the company as well. Now we have another such case, more than 500,000 Zoom credentials have been stolen and sold on the dark web.

Zoom Credentials Stolen

zoom video conferencing app tool

Zoom is a video conferencing app. It gained its popularity within a short period on this pandemic lockdown. For remote communication, this tool was heavily used as it was available on cross-platform, Windows, macOS, Android, iOS and Linux. But the popularity came at a huge price. With the increase in the user base, more privacy and security flaws came to light. Different Universities banned the usage of Zoom plus some filed a class-action lawsuit as well.

Things were already bad for Zoom but even worse has happened now. More than 500,000 zoom user’s data has been stolen and sold.  The data included the user’s email address, password, personal meeting URLs and Zoom hotkeys. These data are sold at $0.002 each on the dark web. This data breach has affected the University of Vermont, University of Colorado, Dartmouth, Lafayette, University of Florida, and more. Other affected well-known companies include Chase and Citibank.

500k-zoom-accounts sold on dark web
Zoom Credentials | Source: Bleeping Computer

On this case, Zoom officials responded,

“It is common for web services that serve consumers to be targeted by this type of activity, which typically involves bad actors testing large numbers of already compromised credentials from other platforms to see if users have reused them elsewhere. This kind of attack generally does not affect our large enterprise customers that use their single sign-on systems. We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials.”

To be safe from such attacks, we all should use a strong and unique password. It must be changed frequently. Whether you are a Zoom user or not you should always back-up your data, use 2FA and must not share such important credentials to others. Credential surfing attacks can happen anytime on any site.


You might like: