Cybersecurity researchers find over 500,000 Zoom account credentials for sale on dark web

Photo (c) Rutmer Visser - Getty Images

Consumers are encouraged to use a unique Zoom password to reduce the possibility of account exposure

Researchers at cybersecurity intelligence firm Cyble were able to find and purchase more than 500,000 Zoom accounts from hacker forums and the dark web earlier this month, according to BleepingComputer

Many accounts could be purchased for less than a penny each, while others were being sold in bulk for free. 

Cyble said victims’ email addresses, passwords, personal meeting URLs, and their HostKey (the 6-digit pin number Zoom meeting hosts can use) were out there and available for purchase. After buying the credentials, the researchers were able to gain an increased reputation in the hacker community.

BleepingComputer said it reached out to a subset of the owners of the exposed email addresses, and many confirmed that the listed credentials were correct. However, one user said that the listed password was an old one.

A large number of the accounts for sale were owned by companies or institutions including Chase, Citibank, and educational institutions. 

What to do

The information leaked was obtained through "credential stuffing" attacks, meaning hackers took password-email combinations from previous hacks and carried them over to Zoom accounts.

Those concerned about the possibility of exposure are encouraged to change their Zoom password if used elsewhere. Using a unique password will help lower the chance of having information exposed during a past breach being leaked again at another site. 

Consumers can also check to see if their email address has been leaked in data breaches through the Have I Been Pwned website or Cyble's AmIBreached data breach notification service, Bleeping Computer said. 

Take an Identity Theft Quiz. Get matched with an Authorized Partner.