Original Release Date: 4/17/2020
Over 500,000 unique Zoom account credentials were discovered on dark web hacker forums. The exposed data includes victims’ email addresses, passwords, personal meeting URLs, and HostKeys, and was likely gathered through credential stuffing attacks. This was an opportunistic attack and did not target any specific type of user. Most of the collections were offered for free or at low cost to cyber-criminals. This information can be used to hijack VTC meetings, take over accounts, conduct business email compromise (BEC) attacks, and carry out other malicious activity. Cyber-criminals may also attempt to use these credentials to access user accounts for other services. Zoom stated that they have hired multiple intelligence firms to assist in the investigation and are notifying victims of compromised accounts.
The NJCCIC recommends users avoid reusing passwords across multiple platforms and enable multi-factor authentication where available. Additionally, we suggest Zoom users avoid scheduling meetings with their personal meeting ID, which does not change, and instead automatically generate a new meeting ID for each meeting, sending the meeting password through an additional email or other means of communication. The NJCCIC has highlighted security concerns surrounding video-teleconferencing (VTC) platforms and provides recommendations for using Zoom. For further details regarding this incident, please see the Bleeping Computer article.