Here is the latest from PC Magazine:
You might want to place a strong password on your Zoom account. Otherwise, it could end up for sale on the dark web.
Security firm Cyble says thousands of breached Zoom accounts have been circulating in underground hacker forums since April 1. The company told BleepingComputer it purchased access to 530,000 Zoom login credentials for a mere $0.0020 per account.
In return, the seller gave Cyble access to account holders’ email addresses, passwords, personal meeting URLs, and their host keys, which can be used to claim “host controls” for a Zoom meeting.
The seller likely obtained the Zoom login credentials by exploiting past data breaches, which contain email addresses alongside previously used passwords. With the aid of automated software tools, a hacker can plug in thousands of potential logins into an internet service to find out the right combinations to break into someone’s user account.
Other services including Amazon, Netflix, and Disney+ are also regularly targeted with automated account hijacking attacks. So it’s strongly recommended you use hard-to-guess, unique passwords on your online accounts. (To help you remember the logins, consider a password manager.)
In Zoom’s case, an account hijacking could be especially serious for people who use the video conferencing service for sensitive business meetings or government purposes. Accessing a Zoom account will also display all the meetings a person has scheduled on the service, with easy access to attend them. According to Cyble, the accounts it bought from the dark web seller appear to be connected to well-known companies such as Chase, Citibank, and educational institutions.
“The data was shared with us privately via an App (Telegram) with a Russian-speaking actor,” Cyble CEO Beenu Arora told PCMag. “At this point, we have just tested some samples, and a good portion of the samples seem valid.”