Over 500,000 Zoom accounts being sold on dark web: Protect yourself now

Over 500,000 Zoom accounts being sold on dark web: Protect yourself at present

(Paradigm credit: Zoom; Fox)

More than 500,000 Zoom accounts are beingness sold for fractions of a penny each on the "night web" and in hacker forums. Some are fifty-fifty existence given abroad.

Still, these accounts were not compromised every bit the effect of a Zoom data breach. And so says Bleeping Estimator with input from Singapore-based data-security house Cyble.

Rather, the accounts were harvested from credential-stuffing attacks, and possibly phishing attacks, over the past few years.

Everything that'south gone incorrect with Zoom (and so far)
Best Zoom alternatives for video conferencing
New: OnePlus 8 Pro specs and prices leaked ahead of today'due south launch

Cyble bought 530,000 account credentials for about 0.two cents each. The accounts included email addresses, Zoom passwords, Zoom personal meetings URLs and Zoom host keys. Many of them were conspicuously associated with universities and corporations, including Chase and Citibank.

How to protect your Zoom account

If your Zoom account was created earlier the start of the coronavirus lockdown, it might be best to change your Zoom password to something strong and unique. Doing so will protect you from the blazon of credential-stuffing attacks that likely resulted in this Zoom credential stash.

Credential-stuffing attacks are when criminals try to access uncompromised online accounts with email addresses and passwords harvested from other data breaches. They work just considering so many people reuse passwords for multiple accounts. You tin can avoid this trap by using one of the all-time countersign managers.

Cyble runs its own data-breach notification service called AmIBreached, into which you can plug in your ain email addresses or usernames to run across if any have been included in data breaches and credential sets. If and then, and then y'all take to sign upwardly for a gratis business relationship to see from which company your credentials were stolen.

It's not clear whether the Zoom credentials have been added to the AmIBreached dataset yet, but if not, they probably will be soon.

Information technology'south also likely that the Zoom dataset volition exist added to the free HaveIBeenPwned breach-notification service too in the next few days. You don't have to create an business relationship to use that service.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has besides been a dishwasher, fry cook, long-booty driver, code monkey and video editor. He's been rooting around in the data-security space for more 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random Television news spots and even moderated a panel word at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.