List of half a million Zoom accounts with name, email, meeting URL and host keys

A new security inconvenience for people working from home has been reported. Information security training experts report that nearly half a million Zoom accounts are on sale on various hacking forums hosted on dark web for less than a penny (even some are available for free).

According to reports, these login credentials are obtained from the method known as credential stuffing, using usernames and passwords obtained from previous data breach incidents.

Experts from information security training firm Cyble say these leaked accounts have been exposed since the beginning of April. This information is shared through various text-sharing forums in which cybercriminals generally post email addresses and possible passwords for improper and maliciously intended access.

Researchers collected a sample of 290 accounts related to various universities in the United States, including the University of Vermont, the University of Colorado, Dartmouth, Lafayette, University of Florida, among others. All of these accounts were published for free by threat actors.

After identifying one of the individuals who posted these ads, the information security training experts managed to contact them to try to purchase a larger sample of these login credentials. Researchers bought about 530,000 Zoom credentials for $0.0020 USD. After extensive analysis, the researchers concluded that some of the Zoom accounts on display belonged to reputable companies such as Chase or Citibank, as well as multiple academic institutions, among others.

According to the International Institute of Cyber Security (IICS), any company may be the victim of a credential stuff attack, so it is recommended to use unique passwords for any online platform you use. Credential stuffing necessarily requires the use of login credentials exposed in other data breach incidents and is a very common cybercriminal practice, but the use of unique passwords greatly limits the risk of being victims of this attack.

For any user willing to know if their information has been exposed in a similar cybersecurity incident, they can consult the online platform Have I Been Pwned, which has a huge database on known cybersecurity incidents. By simply entering their email address, users will be able to know if this information has been leaked previously.