Researchers discovered a cyber-criminal selling over 500,000 Zoom user accounts on a Darknet forum. The accounts ranged from being given away for free to less than a penny per account. According to the researchers, the accounts were not compromised through any sophisticated means but rather through credential stuffing. Credential stuffing involves criminals taking login details from other breaches and testing passwords against accounts on another system. Several of the owners of accounts that were being offered up online were contacted by Bleeping Computer and confirmed that the credentials listed for their account were correct.
Analyst Notes
For any critical account access, it is important to set up Multi-Factor Authentication (MFA), which protects accounts from unauthorized access even if the account password is stolen or guessed. Zoom provides an option for MFA but it must be enabled by the account holder. Credential stuffing is a significant problem not only for Zoom but for many online services. With so many people working from home needing to set up accounts on new systems and services many suffer from “password fatigue” and reuse passwords that are the same or similar across multiple systems. It’s important to utilize password management systems to create and manage unique and complex passwords. Users who have used the same or similar passwords to their Zoom account on other systems are strongly encouraged to change their passwords. Many cyber-criminals will make quick use of any newly breached/dumped credentials to assist in credential stuffing attacks. It is important to always change passwords when a new breach is announced because of this fact. More information on this incident can be found at https://www.bleepingcomputer.com/news/security/over-500-000-zoom-accounts-sold-on-hacker-forums-the-dark-web/
Instructions for setting up multi-factor authentication to protect Zoom accounts can be found here: https://support.zoom.us/hc/en-us/articles/360038247071-Setting-up-and-using-two-factor-authentication
