New users have flocked to the Zoom video conferencing platform as businesses, schools, and other organizations look for ways to meet safely during the Coronavirus pandemic. Unfortunately many of those brand new accounts appear to have been secured with old passwords.
The cyber risk assessment experts at Cyble recently discovered a hacker selling stolen Zoom credentials at dirt-cheap prices — and in some cases giving them away for free.
Cyble purchased more than 530,000 on an underground hacking forum for next to nothing. Several of the company’s clients were among the stolen credentials, which also included personal meeting URLs and Zoom host keys. Cyble reached out and confirmed that the credentials were indeed valid.
Bleeping Computer also got in touch with some of the compromised account owners and were told that the passwords were correct. In at least one case, however, the password listed was one that the user had long since changed.
It’s likely that most — if not all — of the half-million-plus passwords on offer are old. They might be new to the Zoom accounts in question but may well have been used elsewhere by the same individuals… Forbes