Over 500K Zoom accounts being sold on dark web, researchers find

Get all the latest news on coronavirus and more delivered daily to your inbox.  Sign up here.

Zoom could be facing yet another wave of bad news.

More than 500,000 accounts of the popular video conferencing app are being sold on the dark web and hacker forums, according to a report from BleepingComputer, a cybersecurity news site.

These accounts are being sold “for less than a penny each, and in some cases, given away for free,” the report said.

(Photo Illustration by Budrul Chukrut/SOPA Images/LightRocket via Getty Images)

'ZOOM-BOMBING': FBI WARNS SOME TELECONFERENCES, ONLINE CLASSROOMS VULNERABLE TO HACKERS

In this case, cybercriminals are employing “credential stuffing” where they try to log in to Zoom using account data such as usernames and passwords, leaked in older data breaches. If the login is successful, it is added to a list that is sold to other hackers.

BleepingComputer said it contacted random email addresses exposed in the lists and confirmed that some of the passwords were correct while others were old.

Cybersecurity intelligence firm Cyble began seeing free Zoom accounts being posted on hacker forums earlier this month to “gain an increased reputation in the hacker community,” according to the report.

These accounts are shared via so-called “text sharing” sites where the lists are posted. In one example, 290 accounts from major U.S. universities were released for free. Accounts for major U.S. financial companies were also posted, according to the report.

“Credential stuffing attacks used to generate lists of login names and passwords are not unique to Zoom and affect all online services,” Lawrence Abrams, the creator and owner of BleepingComputer, told Fox News.

“The best way to protect yourself from attacks like these is to use a unique password at every site you visit, which can be made easier using a password manager,” Abrams added.

Zoom said it is aware of the problem.

“It is common for web services that serve consumers to be targeted by this type of activity,” a Zoom spokesperson told Fox News, adding this type of hack typically involves “bad actors testing large numbers of already compromised credentials from other platforms to see if users have reused them elsewhere,” referring to users’ sensitive personal information that has already been exposed to cybercriminals.

“This kind of attack generally does not affect our large enterprise [corporate] customers that use their own single sign-on systems,” the Zoom spokesperson continued.

Zoom has hired intelligence firms and cybersecurity firms to fight the hacks. “We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts,” the spokesperson added.

A separate report from Motherboard on Wednesday said that brokers are offering so-called “zero-day exploits” that hack into Zoom video sessions. A zero-day exploit takes advantage of a vulnerability in a software program that is not made public before the day it becomes active, meaning that there are, in effect, zero days to fix the problem.

The vulnerabilities would allow hackers to break into Zoom video sessions and potentially spy on calls, according to Motherboard.

“Zoom takes user security extremely seriously. Since learning of these rumors, we have been working around the clock with a reputable, industry-leading security firm to investigate them. To date, we have not found any evidence substantiating these claims,” a Zoom spokesperson told Fox News.

FBI, US GOVERNMENT WARN ON SPIKE IN CORONAVIRUS CASES

Zoom has been beset with bad publicity in the wake of the coronavirus crisis, as employees across the U.S. and the globe are forced to work from home and use apps such as Zoom for videoconferencing.

"Zoombombing,” when an unwanted participant breaks into a session, became serious enough for the FBI to issue an advisory in March. In recent weeks, the company has upgraded its app with several new security features, including meeting passwords and the ability to lock rooms and remove participants.

The company, which went public in 2019, has also seen pushback from customers because some calls have been routed through servers in mainland China. The spokesperson told Fox News it employs geofencing to ensure that the data from users outside of China remains outside the country.

Separately, the U.S. Senate Sergeant at Arms has warned that Zoom poses a high risk, according to Politico. The spokesperson added the company is in communication with the U.S. Senate.

CLICK HERE FOR COMPLETE  CORONAVIRUS COVERAGE

As of Thursday afternoon, more than 2 million coronavirus cases have been diagnosed worldwide, more than 640,000 of which are in the U.S., the most impacted country on the planet.

GET THE FOX NEWS APP