If you use your go-to password for Zoom, consider changing it, according to a new report about cybersecurity researchers finding credentials for more than 500,000 Zoom accounts on the dark web.
Business Insider reports cybersecurity firm Cyble discovered the accounts, many of which were being sold for less than one cent per account. Others were being given away in bulk on hacker forums to be used for “Zoombombing” that allows bad actors to hijack Zoom meetings.
Cyble purchased about 530,000 accounts for $0.0020 each. The information purchased included email addresses, personal meeting URLs, and the six-digit pin number meeting hosts use to set up the call.
Many of the accounts for sale belonged to enterprise customers like Chase and Citibank, while others were for university accounts.
Zoom has been plagued with security and privacy issues for the last few weeks, but Zoom might be off the hook for this one, Business Insider notes.
“This doesn’t mean Zoom got hacked. Although the videocall service has been beset with privacy issues since the onset of the coronavirus drove millions more people to its service, the accounts for sale on the dark web were obtained using “credential stuffing” attacks. This means hackers used password-email combinations obtained through previous hacks and tried their luck on people’s Zoom accounts, meaning people who re-use previously-hacked passwords would be vulnerable.
“Effective ways to negate credential stuffing include using unique passwords for every site you visit online, and checking whether your email address has been leaked in previous data breaches using Have I Been Pwned.”
It’s generally a good practice to change your passwords periodically anyway, but it’s an even better practice to use different passwords for different platforms and programs. If your Zoom password is the same as any others, change it. While you’re at it, change your other passwords as well.
Zachary Comeau is the web editor for CS sister publication My Tech Decisions. This article originally ran in that publication.