One of the Popular video conference app Zoom has been hacked by hackers as over 1000,000 Zoom accounts are being sold on the dark web at just a cost of .15 Rs and hacker forums practically for free, according to a report from the Bleeping Computer. These credentials are apparently gathered through credential stuffing attacks where hackers attempt to login to accounts through earlier data breaches.
These attacks are not unique to Zoom, the report said. Successful Zoom logins are being compiled into a list and are sold to hackers who are using them to pull pranks, such as Zoombombing, and other malicious activities.
Furthermore, 290 accounts belonging to colleges such as the University of Vermont, University of Colorado, Dartmouth, Lafayette, University of Florida, and some accounts related to Citibank, Chase and others. Zoom account credentials include email address, passwords, personal meeting URLs, and HostKeys. Bleeping Computer and Cyble claim that they were able to verify some of these accounts and the credentials are valid. Since so many accounts are stake, protecting your account should be of a primary focus at the moment and here’s how you can do it.
How to protect your Zoom account by following these simple steps.
1. Zoom accounts are being hacked using the Credential stuffing, there’s only one way to protect — change the password and start using a unique password for every site you register an account.
2. A you can check if your email address has been leaked in the data breach via Have I Been Pwned or AmIBreached. These have a list of data breaches containing your email address.
3. Zoom was recently updated to use passwords by default. Do not try to turn off this feature.
4. Monitor number of participants in the Zoom meeting and if the list exceeds 12 members, consider it as a red flag.
5. If you’re hosting the meeting, change the screen sharing to ‘host-only’ so any unknown participant cannot share malicious content and Disable the ‘join before host’ and ‘allow removed participants to rejoin’ options.