500,000+ Zoom accounts available for sale on the Dark Web

Zoom accounts are flooding the dark web: over 500 thousand Zoom accounts are being sold on hacker forums.

Over 500 thousand Zoom accounts are available for sale on the dark web and hacker forums. Sellers are advertising them for .0020 cents each; in some cases they are offered for free.

The huge trove of account credentials was not stolen from Zoom; instead, it appears to be the result of credential stuffing attacks that leverage records from third-party data breaches.

The data were first discovered by experts at cybersecurity intelligence firm Cyble; lists of email addresses and associated passwords were published on text sharing sites.

These accounts are shared via text sharing sites where the threat actors are posting lists of email addresses and password combinations.

Cyble purchased more than 530,000 accounts on an underground hacking forum and verified that the credentials were valid. The account data includes a victim’s email address, password, personal meeting URL, and HostKey.

“According to cybersecurity intelligence firm Cyble, who shared this information with BleepingComputer, hackers are offering these free accounts to gain an increased reputation in the hacker community,” states a post published by BleepingComputer, which first reported the discovery.

A sample analyzed by BleepingComputer, composed of 290 accounts (some offered for free), included credentials for accounts at many colleges, including the University of Vermont, University of Colorado, Dartmouth, Lafayette, and University of Florida.

BleepingComputer verified them and discovered that in some cases they are old passwords, likely obtained from past breaches.

Cyble confirmed that the account credentials belonging to some of its clients were valid.

For the accounts that belonged to clients of Cyble, the intelligence firm was able to confirm that they were valid account credentials.

Experts suggest that Zoom users change their passwords, and also change them on any other site that shares the same credentials.

Recently, researchers at IntSights discovered a database available on an underground forum on the dark web that contained more than 2,300 compromised Zoom credentials.

Some of the records also included meeting IDs, names and host keys.

The archive included credentials for Zoom accounts belonging to organizations in various industries, including banking, consultancy, healthcare software companies.

A few days ago, security firm Sixgill reported the availability of a collection of 352 compromised Zoom accounts on a dark web forum.

Video conferencing platforms are under attack due to the spike in their use after the Coronavirus outbreak.

Cofense’s Phishing Defense Center has uncovered an ongoing phishing campaign that uses a Cisco security advisory related to a critical vulnerability as a lure. The phishing messages urge victims to install the “update,” but it is malware designed to steal credentials for Cisco’s Webex web conferencing platform.

Threat actors use this bait to take advantage of the Coronavirus pandemic, which has forced most companies to adopt smart working.

Pierluigi Paganini

(SecurityAffairs – Zoom, hacking)
