Users Beware! Over 500,000 Zoom Accounts Up for Auction on Dark Web - Report

© REUTERS / Amr Abdallah DalshA student takes class online while using the Zoom app at her home as Egypt shut down schools as the spread of the coronavirus disease (COVID-19) continues, in Cairo, Egypt April 5, 2020
A student takes class online while using the Zoom app at her home as Egypt shut down schools as the spread of the coronavirus disease (COVID-19) continues, in Cairo, Egypt April 5, 2020 - Sputnik International
Subscribe
US
India
Global
In a statement, Zoom said it had hired specialists to help track down compromised accounts and end the sale of them. In the meantime, all Zoom product development has ceased to allow staff to focus on addressing security concerns and flaws.

Hundreds of thousands of hacked Zoom accounts are being sold on the dark web, after the video conferencing app’s rate of usage surged due to the worldwide coronavirus lockdown, according to Cybersecurity site BleepingComputer.

BleepingComputer issued a report revealing how account details and passwords have been compromised, collected and sold. They’re typically sold in bulk for extremely small sums, with a single account login - replete with email address, password, personal meeting URL and HostKey - up for grabs for as little as US$0.0020. This means, over 500,000 Zoom accounts can be bought for US$1,000.

Account details are likely gathered through "credential stuffing" attacks, in which cyber criminals attempt to log in to accounts on various websites using usernames and passwords leaked in previous breaches, on the assumption individuals typically maintain the same credentials across platforms and rarely if ever update them.

​Hacked accounts are then used for ’zoom-bombing' pranks and other malicious activities.

“We’ve already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials,” the firm said.

The company added this particular kind of attack “generally” doesn’t affect their “large enterprise customers”, who utilise their own single sign-on systems. It’s unknown how many users in total are affected, although the figure is surely sizeable due to millions of workers, students and families signing up for the video conferencing app has during the Covid-19 lockdown as a means of studying, working and staying in touch.

Coronavirus has proven to be a goldmine for fraudsters - the US Federal Trade Commission estimates approximately US$13 million has been lost to Covid19-related scams since January 2020, with a median loss of US$570 in over 16,778 separate reported scams.

​Most reports were received from California, with 2,010 consumers saying they were targeted by fraudsters, followed by Florida, New York, and Texas with over 1,000 complaints each.

Scammers targeting consumers seeking vacations deals accounted for 2,800 fraud attempts reported to the FTC, while online shopping and text message-based scams accounted for 1,741 and 1,017 reports respectively.

Newsfeed
0
To participate in the discussion
log in or register
loader
Chats
Заголовок открываемого материала