Experts at US cyber security firm Cyble have detected over 5 lakh Zoom account credentials available for sale online on the Dark Web. Hackers were selling usernames and passwords linked to more than 500,000 Zoom accounts on the Dark Web and other hacker forums for less than a penny each and, in some cases, given away for free, the firm claimed.
Much like the internet–or clearnet–that billions of people access every day from mobile and desktop devices, the Dark Web is a network of websites, forums, and communication tools like email.
According to BleepingComputer, which spoke to Cyble, the experts at the firm noticed the influx of Zoom accounts for sale on April 1. It purchased more than 5.3 lakh credentials at a bulk price of $0.002 per account. Some accounts are even shared for free, it said.
The hacked credentials included personal meeting URLs, user’s email address, password, and host key – a six-digit pin tied to the Zoom user’s account, which is used to host the meeting.
According to Cyble, some of these account details belonged to companies or institutions including Chase, Citibank, and various universities.
Video-conferencing app Zoom Video Communications provides software, including a mobile app, for videotelephony, online chat, and business telephone systems. Use of the platform is free for video conferences of up to 100 participants, with a 40-minute time limit. Earlier this month, Zoom had implemented update for specific account types to make meetings more private and secure.
Earlier in February, a Singapore-based cyber-security company had detected a fresh database of credit and debit cards issued by Indian banks available for sale on the Dark Web. This database included payment records of 461,976 cards, 98 per cent of which were from the “biggest Indian banks”.