For any critical account access, it is important to set up Multi-Factor Authentication (MFA), which protects accounts from unauthorized access even if the account password is stolen or guessed. Zoom provides an option for MFA but it must be enabled by the account holder. Credential stuffing is a significant problem not only for Zoom but for many online services. With so many people working from home needing to set up accounts on new systems and services many suffer from “password fatigue” and reuse passwords that are the same or similar across multiple systems. It’s important to utilize password management systems to create and manage unique and complex passwords. Users who have used the same or similar passwords to their Zoom account on other systems are strongly encouraged to change their passwords. Many cyber-criminals will make quick use of any newly breached/dumped credentials to assist in credential stuffing attacks. It is important to always change passwords when a new breach is announced because of this fact. More information on this incident can be found at https://www.bleepingcomputer.com/news/security/over-500-000-zoom-accounts-sold-on-hacker-forums-the-dark-web/

Instructions for setting up multi-factor authentication to protect Zoom accounts can be found here: https://support.zoom.us/hc/en-us/articles/360038247071-Setting-up-and-using-two-factor-authentication