Hackers gave 5 lakh Zoom account credentials for free on Dark Web


San Francisco, Apr 14 (IANS): In growing troubles for video meet app Zoom, hackers dumped over 5 lakh credentials of those who attended office conference calls via Zoom and gave away those for free on the Dark Web.

According to a Forbes report, experts at cyber risk assessment platform Cyble discovered a hacker giving away Zoom credentials for free.

"Cyble purchased more than 530,000 on an underground hacking forum for next to nothing. Several of the company's clients were among the stolen credentials, which also included personal meeting URLs and Zoom host keys," the report said on Monday.

Cyble confirmed that the credentials were indeed valid.

Bleeping Computer also got in touch with some of the compromised account owners and were told that the passwords were correct.

"In at least one case, however, the password listed was one that the user had long since changed," the report mentioned.

The video meet app has gained immense popularity among the enterprises, SMBs and schools in India and elsewhere to connect remotely in social distancing times – making it a treasure trove for the hackers.

One hacker interviewed by Motherboard who claims to have traded exploits found in Zoom on the black market said that Zoom flaws typically sell for between $5,000 to $30,000.

The vulnerabilities - everything from webcam or microphone security to sensitive data like passwords, emails, or device information - are being sold on the Dark Web.

Other issues that have affected its credibility is data-sharing with Facebook, exposed LinkedIn profiles, and a "malware-like" installer for macOS.

Zoom Video Communications has also been sued by one of its shareholders who alleged that the company kept some of its security flaws hidden.

  

Top Stories


Leave a Comment

Title: Hackers gave 5 lakh Zoom account credentials for free on Dark Web



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.