Passwords and email addresses for thousands of Zoom accounts are for sale on the dark web

(005320.38-:E-003569.93:N-HO:R-SU:C-30:V)   


Jan‘s Advertisement
Video: Blacks massive wastage, massive inefficiency: Why Africa Wasted $1.4 Trillion in Foreign Aid
Africa is the richest continent on Earth. In fact, it is richer in minerals than the whole world combined. Yet these useless Blacks have received more food, medicines and AID than any other place on Earth. Their levels of wastage and failure are unbelievable.


Zoom users who reuse the same passwords from other accounts can face an ugly unintended consequence — having their login information sold on the dark web.

Personal account information including email addresses, passwords and the web addresses for Zoom meetings are both being posted freely and sold for pennies. One dataset for sale on a dark web marketplace, discovered by an independent security firm and verified by NBC News, includes about 530,000 accounts.

The accounts were first reported by tech news website BleepingComputer.

Zoom declined to share specifics about how the information could get out, but many of the email addresses listed had been part of previous data breaches, which are often sold and repacked on hacker forums.

“Zoom takes user security seriously," a Zoom spokesperson said in an email. “We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts.”

Using the posted data, someone could access a person’s personal meeting room and launch that room. They could invite others to join while impersonating the host. That opens the door to hackers exploiting a user’s contacts, like by sending them malware through Zoom invites or creating scenarios to extort them.

One hacker forum, seen by NBC News, discussed using a tool called OpenBullet — which lets users feed large sets of existing usernames and passwords to try to log into different sites — successfully on Zoom. This is a common strategy known as credential stuffing and takes advantage of people who reuse passwords and usernames.

Zoom has exploded in popularity as social distancing and stay-at-home orders forced more people to rely on videoconferences to keep connected. The Silicon Valley firm now supports over 200 million daily users, up from 10 million before the pandemic.

tdy_news_9a_vicky_zoom_coronavirus_200403_1920x1080.focal-860x484.jpg

tdy_news_9a_vicky_zoom_coronavirus_200403_1920x1080.focal-760x428.jpg

How to avoid scams during the coronavirus crisis

APRIL 3, 202005:22

The platform has also given rise to a new form of harassment — Zoombombing — in which an unwanted person joins a Zoom meeting and is disruptive. Concerns that Zoom’s security wasn’t ready for such scrutiny led to a handful of school districts, like New York City, and companies, like SpaceX, to ban the use of the software.

“No matter how this information got out, there is a high likelihood that Zoom could have prevented it,” said Lou Rabon, CEO and founder of Cyber Defense Group, which does IT security for companies. He explained that these kinds of attacks can be stopped if companies implement two-factor authentication.

Source: https://www.nbcnews.com/tech/security/passwords-email-addresses-thousands-zoom-accounts-are-sale-dark-web-n1183796?cid=public-rss_20200415



Jan‘s Advertisement
2006: Norman Reeves: I can solve S.African crime in 6-weeks!!!
This was a kickass Englishman I knew, who fought in Rhodesia and S.Africa. He ran a security company. He died under mysterious circumstances.

%d bloggers like this:
Skip to toolbar