Over 500,000 Zoom accounts sold on hacker forums, the dark web

Over 500,000 Zoom accounts are being sold on the dark web and hacker forums for less than a penny each, and in some cases, given away for free.

These credentials are gathered through credential stuffing attacks where threat actors attempt to login to Zoom using accounts leaked in older data breaches. The successful logins are then compiled into lists that are sold to other hackers.

Some of these Zoom accounts are offered for free on hacker forums so that hackers can use them in zoom-bombing pranks and malicious activities. Others are sold for less than a penny each.

Cybersecurity intelligence firm Cyble told Bleeping Computer that around April 1st, 2020, they began to see free Zoom accounts being posted on hacker forums to gain an increased reputation in the hacker community. Cyble has told Bleeping Computer that these accounts include ones for well-known companies such as Chase, Citibank, educational institutions, and more.

For the accounts that belonged to clients of Cyble, the intelligence firm was able to confirm that they were valid account credentials. In a statement to Bleeping Computer, Zoom stated that they have already hired intelligence firms to help find these password dumps so that they can reset affected users’ passwords.

Reference:

https://www.bleepingcomputer.com/news/security/over-500-000-zoom-accounts-sold-on-hacker-forums-the-dark-web/