08:35 GMT14 May 2021
Listen Live
    Tech
    Get short URL
    230
    Subscribe

    In a statement, Zoom said it had hired specialists to help track down compromised accounts and end the sale of them. In the meantime, all Zoom product development has ceased to allow staff to focus on addressing security concerns and flaws.

    Hundreds of thousands of hacked Zoom accounts are being sold on the dark web, after the video conferencing app’s rate of usage surged due to the worldwide coronavirus lockdown, according to Cybersecurity site BleepingComputer.

    BleepingComputer issued a report revealing how account details and passwords have been compromised, collected and sold. They’re typically sold in bulk for extremely small sums, with a single account login - replete with email address, password, personal meeting URL and HostKey - up for grabs for as little as US$0.0020. This means, over 500,000 Zoom accounts can be bought for US$1,000.

    Account details are likely gathered through "credential stuffing" attacks, in which cyber criminals attempt to log in to accounts on various websites using usernames and passwords leaked in previous breaches, on the assumption individuals typically maintain the same credentials across platforms and rarely if ever update them.

    ​Hacked accounts are then used for ’zoom-bombing' pranks and other malicious activities.

    “We’ve already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials,” the firm said.

    The company added this particular kind of attack “generally” doesn’t affect their “large enterprise customers”, who utilise their own single sign-on systems. It’s unknown how many users in total are affected, although the figure is surely sizeable due to millions of workers, students and families signing up for the video conferencing app has during the Covid-19 lockdown as a means of studying, working and staying in touch.

    Coronavirus has proven to be a goldmine for fraudsters - the US Federal Trade Commission estimates approximately US$13 million has been lost to Covid19-related scams since January 2020, with a median loss of US$570 in over 16,778 separate reported scams.

    ​Most reports were received from California, with 2,010 consumers saying they were targeted by fraudsters, followed by Florida, New York, and Texas with over 1,000 complaints each.

    Scammers targeting consumers seeking vacations deals accounted for 2,800 fraud attempts reported to the FTC, while online shopping and text message-based scams accounted for 1,741 and 1,017 reports respectively.

    Related:

    Former Facebook Security Chief to Work for Zoom Amid Platform Security Concerns
    'Bye Bye Bernard': Former Clinton Staffers Invited to Zoom to Celebrate Sanders Out - Report
    US Senators Reportedly Told to Stop Using Zoom Over Data Privacy Concerns
    Pentagon Bans Use of Most Zoom Programs for Official DoD Business Amid Pandemic
    Tags:
    scam, SARS coronavirus, COVID-19, corona
    Community standardsDiscussion