Zoom is recently becoming more popular as the eminent video-conferencing solution for most employees due to the pandemic COVID-19 lockdown. This rise in the needs of the app has apparently made the app vulnerable and lucrative to hackers. As per the recent report given by Bleeping Computer, it is found that over 500 thousand zoom accounts are being sold illegally on the dark web. Further, some of the Zoom accounts are also sold for the value of less than one penny. ETV News Headlines gives you more information on the hacked zoom accounts.
All these hacked Zoom credentials are gathered through the credential stuffing attacks on some of the unaware users. Here, these threat actors attempted to login zoom accounts with the help of some accounts leaked in the older data breaches. When the login is unsuccessful, they are compiled into the new list and sold to the hacker to make use of it.
On the other hand, some also proceeded to offer some free on the hacker forum. This helps the hackers to use the zoom-bombing pranks and several other malicious activities. A report from the cyble, a cyber security intelligence firm states that multiple Zoom accounts began to show up on the hacker’s forum to gain more reputation to the entire hacking community who are trying to hack Zoom accounts.
About the hacked zoom accounts
All these hacked accounts are shared through the text-sharing websites where the threat-actors are posting lists targeted victims. This contains several details like the Email Ids and the passwords of the hackers who have been hacked. These publications contacted some randomly selected Email IDs and it helps to confirm that some of the credentials were correct as per the records. One of the users mentioned that the leaked password was now the new one and it was used long back. So, it proves that the credentials are likely from older credential-stuffing attacks.
The security agency tried to purchase such a zoom account in bulk. This was a warning to these users of the risk. They purchased 5, 30,000 zoom credentials paying USD 0.002 account. When equating it to the Indian currencies, the value would be around Rs. 0.15 per account. This cost also covers email address, passwords, personal meeting URL, and their HostKeys. So, it is the complete set for just USD 0.002.
What did the company in-response say?
They said that it was common for the web services that serve the consumers to be targeted by some activity that typically involves several bad actors testing. A large number already compromised credentials from other platforms to find if the user has made use of it elsewhere. They have also hired several intelligence firms that might shut down thousands of websites attempting to trick the users into downloading such malware and giving all the required credentials. This type of attack will not create a huge impact in large enterprises. However, small enterprises that use single own sign-in systems will need to face huge impacts out of these issues.
The companies also stated that they will investigate and look for the accounts that were found to be compromised, accounts that ask the users to change the passwords or some other activities to make the account safer. They have also implemented some technology to monitor the safety of such a zoom account as it has a serious connection with the entire business.
This is not the first time
Such unbelievable hacking is not happening for the first time. It happens frequently. Recently in February, a Singapore-based cyber security company had detached a fresh database of credit and debit cards that were issued by several banks and this was on the dark web. This huge database collected the recorded 461,976 cards and more than 98% of it is from the Indian market. For more other information, you can follow ETV Bharat Latest News and have the updates.
