fbpx

Hackers post hundreds of verified Zoom accounts on dark web

Details such as passwords, meeting IDs, host keys and names belonging to Zoom account users have been posted on the dark web, according to a report by Yahoo Finance.

Details such as passwords, meeting IDs, host keys and names belonging to Zoom account users have been posted on the dark web, according to a report by Yahoo Finance.

The report stated that the discovery of the compromised Zoom accounts was made by Sixgill, a cybersecurity firm that monitors the dark web.

Sixgill told Yahoo Finance that a popular dark web forum user has posted a link that allows others to download details of approximately 352 compromised Zoom accounts.

“In comments on this post, several actors (other users) thanked him for the post, and one revealed intentions to troll the meetings,” Sixgill said in a statement to the website.

Sixgill claimed that one Zoom account belonged to a major US healthcare provider while seven more were linked to educational institutions.

In a Twitter post on April 7, Sixgill shared a screenshot of the dark web forum post about compromised Zoom accounts.

The user had posted the link on April 1 and said he “worked really hard” on trying to obtain the accounts.

“If you are not fast enough to get this account on time, doesn’t mean that it is not working,” the user said, adding that he appreciates if others could ‘like’ the post.

The dark web is a network of Internet sites that are not accessible via usual search engines and requires special browsers to enter.

Sixgill in a separate posting said threat actors are drawn to dark web because it “allow users to browse, chat and conduct transactions anonymously”, making it a hotbed of criminal activity.

Zoom in a response to Yahoo Finance said it will be looking into the matter.

Meanwhile, the Malaysia Computer Emergency Response Team (MyCert) has issued an advisory on the use of video conferencing applications like Zoom.

MyCert said that users have a responsibility to choose a “secure and safe VTC (video tele-conferencing) platform for web conferencing”.

It shared some security guidelines such as asking users to only download VTC software from official websites or app stores, never share confidential information during a meeting, enable non-recordable videos/audio function and urge hosts to utilise the ‘waiting room’ feature to monitor participants joining the meeting.

LifestyleTech has reached out to CyberSecurity Malaysia on the use of Zoom.

Zoom has seen a surge in popularity among users who are practising social distancing during the Covid-19 pandemic as they turn to the platform to connect with family and friends on the digital space, with some even using it to livestream events like wedding ceremonies.

However, it also been plagued with security issues such as ‘Zoombombing’ where unwanted users spam meetings with inappropriate images and offensive slurs.

Chief executive officer Eric Yuan in a blog post on April 1 said the company will shift its engineering resources to focus on safety and privacy issues for 90 days, as part of some measures to improve user experience. – The Star

The Star, 8 April 2020 (Wednesday)