The popularity of videoconferencing app Zoom has, um, zoomed in recent weeks, as the COVID-19 coronavirus pandemic has forced folks to work from home. In the wake of the much-increased usage of the service have arisen concerns about the app’s security. However, the availability of Zoom login credentials isn’t actually connected to any security failings on Zoom’s part.
Instead, the availability is connected to users’ tendency to use the same login and password information on multiple websites. The availability is said to be the result of “credential stuffing attacks,” where hackers use accounts leaked in previous data breaches to attempt to log in to Zoom.
If a login attempt is successful, it is added to lists that are then sold or offered for free to other hackers. The credentials have been used in zoom-bombing pranks or for malicious reasons. The account information is being shared as lists containing a victim’s email address, password, personal meeting URL, and their HostKey.
Cybersecurity firm Cyble says it was able to purchase 530,000 Zoom credentials for $0.0020 per account. Cyble says the Zoom accounts began becoming available at the beginning of April, with hackers offering the credentials to build their reputation in the hacker community.
The Zoom credential leaks is another case that demonstrates to users how important it is to use unique passwords for each website or service that is used online. Users that would like to check if their email addresses have been leaked in a data breach (or twelve) can check on the Have I Been Pwned website or Cyble’s AmIBreached data breach notification service.