Do you use video conferencing software? Is your business or are you individually using Zoom? If the answer to both of the above questions is ‘yes’ then your Zoom password may have been one of the 500,000 login credentials being sold over the dark web for less than a penny. Furthermore, in some cases these Zoom passwords are literally being given away for free!
According to a leading cybersecurity firm, hackers are believed to have stolen Zoom passwords by making use of credential stuffing attacks which essentially means that they use passwords that have been acquired as a result of previous data breaches. At this stage, hackers are hoping that Zoom users are continuing to use the same passwords as they do on other compromised websites. Once they have struck lucky with a login, they simple collect it and then sell to other cybercriminals.
Furthermore, this leading cybersecurity firm was able to acquire over 530,000 Zoom passwords for just $0.20 per password. As well as being able to purchase the password, each of these purchased accounts came with even more sensitive data including the victim’s email address, personal meeting URL & their HotKey which is used to control their Zoom meeting.
On one certain occasion, the leading cybersecurity firm identified that over 300 Zoom accounts were from colleges and universities and that they were being given away for free. Moreover, the leading cybersecurity firm identified the fact that hackers gave away these details for free to improve their standing in the hacker community.
To check the validity of the details being sold, an IT magazine, BleepingComputer emailed some of the email addresses that were given away by dark web hackers and got responses stating that the details that they had were correct.
As more and more people switch to remote working for the foreseeable future as a result of the Coronavirus pandemic, Zoom has seen a significant surge in usage. However, the main issues of this sudden surge in usage has opened Zoom up to security vulnerabilities.
This point was accepted by Eric S. Yuan, Zoom’s CEO who stated that ‘We moved too fast...and we had some missteps. We’ve learned our lessons and we’ve taken a step back to focus on privacy and security’.
So what do I do if I believe that my business data has been compromised?
The first port of call is to check whether your data has been compromised by allowing Advantage to complete a FREE dark web report, at the same time it would be useful to get your business Cyber Security certified to help you get and stay secure.
Furthermore, it would then be a good idea to get a full IT audit completed to ensure that your IT systems are secure as well reviewing your cloud platforms used to secure your sensitive business data.
Lastly, if Zoom is failing to provide you with a fully secure and reliable video conferencing platform then perhaps you should consider making the switch over to Microsoft Teams?
To discuss your specific requirements in more detail, feel free to call us on 020 3004 4600 or complete our online contact form.
If you are looking to get articles like these delivered straight into your inbox, then perhaps you should sign up to our mailing list.