Hundreds of thousands of Zoom passwords for sale on the dark web

It’s understood that there may be as many as 500,000 Zoom passwords up for sale on the dark web for less than a penny each as the video conferencing app’s popularity has skyrocketed during the Coronavirus pandemic.

Security experts believe that the hacked accounts have been comprised due to credential stuffing and from other hacked websites where credentials are re-used. Either way, as the popularity of the app has grown significantly as much of the world remains in lockdown, people need to be careful.

The last thing anyone needs in this already troubling time is hackers and scammers taking advantage of people’s vulnerabilities.

The dangers of compromised Zoom passwords

With so many compromised Zoom passwords, and a huge increase in the use of the app as a result of the COVID-19 lockdown, the dangers are real.

Hackers and criminals could hack into accounts to contact people. They could break into a conference and bombard victims with spam or links to potentially harmful websites. If people are not careful, they could engage with users and record conferences.

As such, the dangers are clear, and it looks like there are some hackers and fraudsters out there that are prepared to exploit people at this already vulnerability time. Companies using the platform for corporate matters must also understand that the dangers for their remote working employees are very real too.

How has the information been compromised?

It’s understood that the compromised Zoom passwords have not stemmed from a direct hack on the company as such. It appears that it could be a combination of credential stuffing and using compromised accounts where people have re-used the same credentials.

People should not underestimate what hackers and criminals can do. They can use software to try and guess passwords for accounts using combinations of standard ones people use, such as “password” or “password123”. Unbelievably, some people still use such passwords!

If credentials have been compromised in hacks from years ago and people are still not changing their passwords and still using the same credentials for multiple accounts, it’s open season for fraudsters. Criminals can sit on stolen credentials for years if needs be and wait for the opportunity to exploit them, as we’re perhaps seeing now.

How to protect yourself

As an established, leading data breach compensation law firm, we’re often in the media talking about cybersecurity issues. This includes advice to people about how they should protect themselves and make sure that they can stay safe online in an increasingly digitised world.

At the very least, people should not just assume that their Zoom passwords are safe. Given the wealth of users’ information that’s up for sale on the dark web, everyone would do well to change their credentials immediately. And, although you should never re-use the same login credentials, if you have, you need to consider those as just as at risk.

Three simple ways that everyone can keep safe can include:

1. Use of strong, unique passwords for accounts. Never re-use credentials;
2. Make use of an account’s additional security layers that companies offer, such as two-factor authentication and notifications for login events;
3. Be careful about what you share online. It can be tempting to post your answers to another Facebook questionnaire about your first holiday destinations and first loves but, in reality, scammers can use this data against you. Many people’s memorable information they use for security is this kind of data, and some use such information for their passwords.

118 118 Money data breach compensation advice

Derbyshire Virgin Media customers come forward for compensation