Over 500,000 Zoom accounts being sold on dark web: Protect yourself now

News
By
published

Stolen Zoom credentials include emails, passwords

How to change your Zoom background
(Image credit: Zoom; Fox)

More than 500,000 Zoom accounts are being sold for fractions of a penny each on the "dark web" and in hacker forums. Some are even being given away.

However, these accounts were not compromised as the result of a Zoom data breach. So says Bleeping Computer with input from Singapore-based information-security firm Cyble. 

Rather, the accounts were harvested from credential-stuffing attacks, and perhaps phishing attacks, over the past few years.

Cyble bought 530,000 account credentials for about 0.2 cents each. The accounts included email addresses, Zoom passwords, Zoom personal meetings URLs and Zoom host keys. Many of them were clearly associated with universities and corporations, including Chase and Citibank.

How to protect your Zoom account

If your Zoom account was created before the start of the coronavirus lockdown, it might be best to change your Zoom password to something strong and unique. Doing so will protect you from the type of credential-stuffing attacks that likely resulted in this Zoom credential stash.

Credential-stuffing attacks are when criminals try to access uncompromised online accounts with email addresses and passwords harvested from other data breaches. They work only because so many people reuse passwords for multiple accounts. You can avoid this trap by using one of the best password managers.

Cyble runs its own data-breach notification service called AmIBreached, into which you can plug in your own email addresses or usernames to see if any have been included in data breaches and credential sets. If so, then you have to sign up for a free account to see from which company your credentials were stolen.

It's not clear whether the Zoom credentials have been added to the AmIBreached dataset yet, but if not, they probably will be soon.

It's also likely that the Zoom dataset will be added to the free HaveIBeenPwned breach-notification service as well in the next few days. You don't have to create an account to use that service.

See more Computing News
TOPICS
Paul Wagenseil
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Read more
A picture showing different credit cards stacked on top of each other on a table
5 million Americans just had their credit card details leaked online — what to do now
An open lock depicting a data breach
12 million hit in Zacks Investment data breach — how to protect yourself now
Discord on a phone and a laptop
Almost 1 million Discord users just had their account details exposed in new RestoreCord data breach — what to do now
Surfshark graphic of 2024 data breaches
Nearly 700 million American records were leaked in 2024
An open lock depicting a data breach
Thousands including children exposed in major data breach — names, addresses, Social Security numbers and more accessed by hackers
DeepSeek logo on smartphone in front of computer data
Massive DeepSeek data leak exposes sensitive info for over 1 million users — what you need to know
Latest in Video Conferencing
A composite image showing Skype and Microsoft Teams side by side
I used Skype for years, and Teams is a poor replacement for the video calling service that started it all
Google Meet
Google Meet is getting a very handy automatic picture-in-picture mode — what you need to know
Project Starline 3D video conferencing
I just tried Google’s 3D video conferencing tool launching next year — here’s what Project Starline is like
Microsoft Teams
New Microsoft Teams is live — here's the 3 biggest upgrades
Google Meet update
It's official — Google Meet is getting one of Zoom’s best features
Zoom call on MacBook
Zoom flaw allows hackers to take over your Mac — update right now
Latest in News
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Crystle Stewart as Mallory in Tyler Perry's "Beauty in Black" on Netflix
Tyler Perry’s suspenseful drama series just crashed the Netflix top 10 — and you can stream new episodes now
ExpressVPN connected on Linux app
ExpressVPN launches huge Linux update – what you need to know
Cover of Robbie Williams as a CGI monkey in "Better Man"
This music biopic I missed from 2024 is finally coming to streaming
Kate Hudson as Isla Gordon in "Running Point" now streaming on Netflix
Netflix top 10 shows — here’s the 3 worth watching right now
Penn Badgley as Joe Goldberg in episode 502 of You
New ‘You’ season 5 trailer teases Netflix show’s killer final season
More about video conferencing
A composite image showing Skype and Microsoft Teams side by side

I used Skype for years, and Teams is a poor replacement for the video calling service that started it all
Google Meet

Google Meet is getting a very handy automatic picture-in-picture mode — what you need to know
Crystle Stewart as Mallory in Tyler Perry's "Beauty in Black" on Netflix

Tyler Perry’s suspenseful drama series just crashed the Netflix top 10 — and you can stream new episodes now
See more latest
Most Popular
Crystle Stewart as Mallory in Tyler Perry's "Beauty in Black" on Netflix
Tyler Perry’s suspenseful drama series just crashed the Netflix top 10 — and you can stream new episodes now
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
ExpressVPN connected on Linux app
ExpressVPN launches huge Linux update – what you need to know
Cover of Robbie Williams as a CGI monkey in "Better Man"
This music biopic I missed from 2024 is finally coming to streaming
TCL QM7K lifestyle
TCL just dropped one of the best-looking QLED TVs of the year — and it reaches a super-bright 3,000 nits
Kate Hudson as Isla Gordon in "Running Point" now streaming on Netflix
Netflix top 10 shows — here’s the 3 worth watching right now
Penn Badgley as Joe Goldberg in episode 502 of You
New ‘You’ season 5 trailer teases Netflix show’s killer final season
Elon Musk next to the X logo for the social media network that used to be called Twitter
X / Twitter down for a third time — live updates on the massive outage
MacBook Air M4
MacBook Air M4 just finally solved a keyboard problem after 25 years — here's what's fixed
Cartoon image of three people using smartphones and laptops
NordVPN reinforces its security credentials with independent audit