Zoom Passwords and Meeting IDs Are Now Shared on the Dark Web

Last updated April 9, 2020
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

The security and privacy problems for Zoom keep on pullulating, and the widely used teleconference app is having yet another issue to handle right now. As reported by Sixgill, an Israeli cybersecurity company that focuses on deep and dark web threat intelligence, there’s a set of 352 Zoom account credentials shared on a popular dark web forum right now. The information includes account email address and passwords, meeting IDs, host key, and hostname. The data is openly shared and not even put up for purchase.

zoom_listing

Source: Mashable

The stolen credentials concern both free and paying Zoom users. People who responded on the same thread thanked the leaker, and some expressed their intention to troll the meetings. It is an act that the U.S. Department of Justice has already warned about, possibly resulting in the imprisonment of the actor, as teleconferencing hacking is considered an internet crime. But “ZoomBombing” isn’t the only risk for the exposed individuals. A malicious actor could potentially login by using the stolen credentials and eavesdrop on the meetings.

zoom_post

Source: Mashable

This raises several concerns, like whom these accounts belong to, for example. According to Sixgill’s researchers, some accounts belong to small business owners and employees, others to educational institutions, and there is even one belonging to a major healthcare provider in the United States. The collection of the 352 account credentials first appeared on the dark web on April 1, 2020, so it’s been over a week already for this leak. These accounts are likely shared on multiple platforms and not just the dark web forum where Sixgill first spotted them. Finally, it is unclear how the leaker managed to get his/her hands on this information, and whether Zoom suffered a breach or not.

One thing is certain right now, and this is that governments and organizations aren’t trusting Zoom. Google has banned its employees from using the popular teleconferencing platform, and the Taiwan government has done the same after they found that data is routed through Chinese servers. Also, SpaceX was among the first to publish an advisory against using Zoom for its employees, and this week, the Australian Defense Force circulated a similar bulletin too. If you are looking for alternatives to Zoom, check out our list with the best options you have at the moment.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: