

Rewterz Threat Alert – WooCommerce Falling Victim to Fresh Card-Skimmer Malware
April 13, 2020
Rewterz Threat Alert – Ursnif Banking Trojan – IOC’s
April 14, 2020
Severity
High
Analysis Summary
New users have flocked to the Zoom video conferencing platform as businesses, schools, and other organizations look for ways to meet safely during the Coronavirus pandemic. However, threat actors have managed to stay one step ahead by potentially gaining access to thousands of accounts through reused old passwords, and those accounts are now being sold on hacker forums. Over 530,000 Zoom credentials, which also include personal meeting URLs and Zoom host keys, are available for less than a penny each and in some cases are given away for free.
The credentials were gathered through credential stuffing attacks, in which threat actors attempt to log in to Zoom using accounts leaked in older data breaches and sold on different hacker forums. Checks of random email addresses exposed in these lists have confirmed that some of the credentials were correct.

The purchased accounts include the victim's email address, password, personal meeting URL, and HostKey.

Impact
- Exposure of sensitive data
- Information theft
Affected Vendors
Zoom
Remediation
- Set a unique password for each site when registering your accounts.
- Always use a combination of symbols and uppercase and lowercase letters.
- Do not reuse your password.
- Change your passwords every three months.