Over 500,000 Zoom Accounts Sold Online

It has been a polarizing moment for Zoom. After the service took off in popularity because of the response with COVID-19 to place more people to work from home, several security and privacy issues were highlighted as well. Now, it seems like the storm is not yet over for them. It was recently reported that over five hundred thousand Zoom accounts are stolen and are being sold online.

As of April 1, cybersecurity firm Cyble found the accounts for sale according to BleepingComputer. They are currently for sale on the Dark Web and other hacker forums. Some accounts are also available free of charge.

Since noticing a seller uploading accounts on a hacker website, Cyble has reached out to purchase a huge amount of bulk accounts so they can be used to alert their clients about the possible breach.
Cyble was able to buy some 530,000 Zoom credentials at $0.0020 per account for less than a penny each.

One exposed user told BleepingComputer that the password mentioned was an old one, suggesting that some of those passwords are possibly from older stuffing attacks. This may also suggest that this incident is not Zoom’s fault.

Credential stuffing is a type of cyberattack where stolen account credentials often from a data breach are used to login to different applications.

To protect yourself against this attack, it is advised to use unique password for each online account that you use. So, in a case that a data breach happens to one of the websites that you use, the credentials you use there will not be usable to your other accounts online.