Stolen Zoom account credentials are freely available on the dark web

Zoom dark web

Loved, hated, trusted and feared in just about equal measure, Zoom has been all but unavoidable in recent weeks. Following on from a combination of privacy and security scandals, credentials for numerous Zoom account have been found on the dark web.

The credentials were hardly hidden -- aside from being on the dark web. Details were shared on a popular forum, including the email address, password, meeting ID, host key and host name associated with compromised accounts.

See also:

The discovery was made by cybersecurity firm Sixgill whose researchers found a collection of 352 Zoom accounts advertised. The account credentials are not even being made available for sale, rather they are simply being shared for anyone to use. With accounts belonging to a US healthcare provider, educational establishments and several businesses, the scope for wreaking havoc is great.

In an email to Mashable, Dov Lerner, lead security researched at Sixgill, said:

The accounts could certainly be used to troll the owner of the account or those who are joining the owner's calls, but these credentials could also be used for corporate or personal eavesdropping, identity theft, and other nefarious actions. There's a number of ways a malicious actor could use these stolen accounts.

The fact that credentials are being made freely available rather than having a price tag attached to them suggests here that the aim is not profit, but to damage Zoom and harm users. Sixgill made the discovery back on April 1, and it is not clear how the stolen credentials were obtained.

Image credit: Sergey Nivens / Shutterstock

3 Responses to Stolen Zoom account credentials are freely available on the dark web

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.