Half a million Zoom accounts were found for sale on the dark web

A result of credential stuffing – the findings should be a reminder of the importance of 'cyber-hygiene'.
17 April 2020

More than 500,000 Zoom accounts were compromised. Source: Unsplash

  • Over half a million Zoom accounts were found for sale on the dark web
  • Each account was priced as low as US$0.002
  • Cybersecurity awareness and training are key to combating increasing digital crimes

This week, researchers from cybersecurity firm Cyble found credentials belonging to more than 500,000 Zoom accounts were being sold on the dark web and hacker forums for less than a cent each, or in some cases given away for free. 

The shocking revelation falls in line with the wave of cybercrime happening in the wake of the pandemic. With millions working and studying from home, the attack surface has expanded, drawing a surge of cybercriminal activity.

Cyble told Bleeping Computer that it noticed a peak in Zoom accounts for sale on April 1 and was able to purchase 530,000 for US$0.002 each. The accounts were tied to email addresses, passwords, personal meeting URLs, and host keys, the six-digit PIN used to start Zoom meetings.

While Zoom is already in hot water due to a list of security and privacy blunders, the compromised accounts were not a product of a Zoom hack. Instead, the accounts were obtained using credential stuffing, whereby hackers rely on email and password combinations gained from previous hacks and test them against Zoom's login.

Consequently, up to 500,000 accounts were gathered through this method, which highlights the poor practice of users reusing old passwords or having the same password for multiple accounts.
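As an added illustration (not from the original article or from Cyble), the Python below shows how a defender can separate the credential-stuffing pattern described above from ordinary login failures: one source trying many different accounts, only once or twice each, with most attempts failing. The event format, the thresholds and the sample data are assumptions constructed for this example.

```python
from collections import defaultdict

def build_sample_events():
    """Constructed login events: (source_ip, username, success)."""
    events = []
    # One source tries ten different accounts once each; one reused password works.
    for i in range(10):
        events.append(("203.0.113.7", f"user{i}@example.com", i == 6))
    # Brute force: many guesses against a single account (a different pattern).
    events += [("198.51.100.20", "admin@example.com", False)] * 12
    # Office NAT: several real users behind one IP, one mistyped password.
    for i in range(6):
        events.append(("192.0.2.10", f"staff{i}@example.com", True))
    events.append(("192.0.2.10", "staff0@example.com", False))
    return events

def detect_stuffing(events, min_accounts=5, max_tries=2, min_fail_ratio=0.8):
    """Flag sources that try many accounts, few times each, mostly failing.

    Thresholds are illustrative assumptions, to be tuned on real traffic.
    """
    # source_ip -> username -> [attempts, successes]
    per_source = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for ip, user, ok in events:
        rec = per_source[ip][user.lower()]
        rec[0] += 1
        rec[1] += int(ok)

    findings = {}
    for ip, users in per_source.items():
        attempts = sum(a for a, _ in users.values())
        failures = attempts - sum(s for _, s in users.values())
        most_tries = max(a for a, _ in users.values())
        if (len(users) >= min_accounts and most_tries <= max_tries
                and failures / attempts >= min_fail_ratio):
            findings[ip] = {
                "accounts_tried": len(users),
                "fail_ratio": round(failures / attempts, 2),
                # Successful logins from a flagged source: reset these first.
                "needs_reset": sorted(u for u, (_, s) in users.items() if s),
            }
    return findings

if __name__ == "__main__":
    for ip, info in detect_stuffing(build_sample_events()).items():
        print(ip, info)
```

The accounts listed under `needs_reset` are the ones whose reused password worked, so they are the ones to lock and reset before anything else.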

Among the accounts up for grabs were individuals from high-profile companies such as Chase and Citibank. 

The dangers of remote working

This incident is once again a reminder of the need to practice cyberhygiene amid remote working on a grand scale and a surge in the download and configuration of new systems and tools supporting organizational processes.

The concept of “cyberhygiene” shares similarities with the good practices that can curb the spread of the coronavirus.

Kiersten Todt, managing director of CRI, stated: “The best way to prevent the spread of COVID-19 is by doing the basics like washing your hands. Similarly, the cyberhygiene basics will go a long way in keeping small businesses resilient in this time of increased threats.”

Poor cyberhygiene practices could place an entire organization’s operations and assets at risk. Leaving hackers with loopholes and vulnerable points could lead to infiltration of company databases.

Even though IT solutions, such as the deployment of multi-factor authentication (MFA) to access company data and systems, can reduce the risks drastically, increased knowledge and awareness remain the best defence against a pool of cybercriminals.

To date, only about half (46 percent) of organizations are found to have provided some form of training to prepare employees for remote working.

Providing training and the necessary support for a dispersed workforce is no longer optional in the current landscape. Organizations need to consider developing or updating a cybersecurity awareness kit, ensuring staff are kept up to date with the most commonly emerging threats, and how to spot and circumvent them.

Clearly, the basics of cyberhygiene need to be commonplace to prevent cases of stolen credentials that can fall into the hands of ill-intended parties.

The growth of criminal activity online in the thick of the coronavirus outbreak has urged corporations to reassess their cybersecurity systems; however, it is equally essential to ensure employees are following best practices to minimize cybersecurity risks.