'The purchased accounts include a victim's email address, password, personal meeting URL, and their HostKey'
Is your Zoom account one of them? Today, reports are circulating that 500,000 Zoom account credential sets are for sale on the dark web and hacker forums.
Writes Lawrence Abrams at Bleeping Computer, “These credentials are gathered through credential stuffing attacks where threat actors attempt to login to Zoom using accounts leaked in older data breaches.”
Logins that work get compiled into lists that are sold to other hackers, and some are available free of charge, just for the fun of using them in zoom-bombing and other malicious activities.
Others are sold for less than a penny each.
According to cybersecurity intelligence firm Cyble, who shared this information with BleepingComputer, hackers are offering these free accounts to gain an increased reputation in the hacker community. These accounts are shared via text sharing sites where the threat actors are posting lists of email addresses and password combinations.
In the below example, 290 accounts related to colleges such as the University of Vermont, University of Colorado, Dartmouth, Lafayette, University of Florida, and many more were released for free.
The purchased accounts include a victim's email address, password, personal meeting URL, and their HostKey.
Over 500,000 Zoom accounts sold on hacker forums, the dark web
[bleepingcomputer.com, April 13, 2020 02:05 PM]