Passwords and email addresses for thousands of Zoom accounts are for sale on the dark web

(005320.38-:E-003569.93:N-HO:R-SU:C-30:V)   

Zoom users who reuse the same passwords from other accounts can face an ugly unintended consequence — having their login information sold on the dark web.

Personal account information including email addresses, passwords and the web addresses for Zoom meetings are both being posted freely and sold for pennies. One dataset for sale on a dark web marketplace, discovered by an independent security firm and verified by NBC News, includes about 530,000 accounts.

The accounts were first reported by tech news website BleepingComputer.

Zoom declined to share specifics about how the information could get out, but many of the email addresses listed had been part of previous data breaches, which are often sold and repacked on hacker forums.

“Zoom takes user security seriously," a Zoom spokesperson said in an email. “We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts.”

Using the posted data, someone could access a person’s personal meeting room and launch that room. They could invite others to join while impersonating the host. That opens the door to hackers exploiting a user’s contacts, like by sending them malware through Zoom invites or creating scenarios to extort them.

One hacker forum, seen by NBC News, discussed using a tool called OpenBullet — which lets users feed large sets of existing usernames and passwords to try to log into different sites — successfully on Zoom. This is a common strategy known as credential stuffing and takes advantage of people who reuse passwords and usernames.

Zoom has exploded in popularity as social distancing and stay-at-home orders forced more people to rely on videoconferences to keep connected. The Silicon Valley firm now supports over 200 million daily users, up from 10 million before the pandemic.

tdy_news_9a_vicky_zoom_coronavirus_200403_1920x1080.focal-860x484.jpg

tdy_news_9a_vicky_zoom_coronavirus_200403_1920x1080.focal-760x428.jpg

How to avoid scams during the coronavirus crisis

APRIL 3, 202005:22

The platform has also given rise to a new form of harassment — Zoombombing — in which an unwanted person joins a Zoom meeting and is disruptive. Concerns that Zoom’s security wasn’t ready for such scrutiny led to a handful of school districts, like New York City, and companies, like SpaceX, to ban the use of the software.

“No matter how this information got out, there is a high likelihood that Zoom could have prevented it,” said Lou Rabon, CEO and founder of Cyber Defense Group, which does IT security for companies. He explained that these kinds of attacks can be stopped if companies implement two-factor authentication.

Source: https://www.nbcnews.com/tech/security/passwords-email-addresses-thousands-zoom-accounts-are-sale-dark-web-n1183796?cid=public-rss_20200415



Jan‘s Advertisement
A Good Christian Website that exposes Jews, their Lies and Crimes
There is a lot of stuff on here. It‘s a good source.


Jan‘s Advertisement
2006: S.Africa: ThinkTank: Blacks try to kill all the Whites, Part II
Does anyeone (aside from Jan of course) remember the Tempe Army Camp massacre a few years ago (1999 I think) when one of the ex-MK terrorist went berserk and killed 8 white officers?


Jan‘s Advertisement
White Shop: Tigers in the Mud: The Combat Career of German Panzer Commander Otto Carius
He was physically small and often underestimated, but once he took command of his first Tiger he found his calling and worked his way up the chain of command from a lowly loader to company leader. His exploits on the Ost Front became semi-legendary, but unlike some of his more famous fellow Tiger aces (Wittman, von Strachwitz), he survived to tell the tale first-hand.
%d bloggers like this:
Skip to toolbar