At least 500 thousand user accounts for Zoom, a videoconferencing program, may be for sale on dark web forums. According to intelligence firm Cyble, e-mails and passwords from thousands of people are being marketed for a penny each or even for free. The data has reportedly been available for about two weeks, with the first leaks dated April 1. The date coincides with the day Zoom publicly addressed the repeated privacy problems of the video calling software, which gained popularity with the start of the quarantine caused by the Covid-19 pandemic. Apparently, the leak does not affect users who use Google or Facebook to log into the service.
dnetc contacted Zoom's press office in Brazil asking for a statement on the case. The company reinforced its concern for the safety of users and explained that it has been investigating and working on solutions to these problems. Also according to the company, this type of attack does not usually affect corporate customers. Zoom's note can be read in full at the end of this article.
Zoom has half a million passwords exposed on dark web forums Photo: Paulo Alves / dnetc
According to the website Bleeping Computer, several random samplings from the databases obtained by Cyble revealed active accounts in Zoom, confirming the legitimacy of the leak. Some passwords, however, do not work and may come from old attacks.
The accounts were reportedly made available for almost nothing or entirely for free as a way of boosting the hackers' reputation in the forums. Experts speculate that the credentials are intended primarily to break into other people's meetings and cause intentional disruption, a practice known as Zoom bombing.
Two weeks ago, Zoom defended itself against privacy and security criticisms by saying that the program was created to serve companies and universities with their own IT teams. According to the company, this design left the app vulnerable in unforeseen usage scenarios brought on by the sudden increase in home office use of the tool. Before the pandemic, the number of video calls in the service reached a maximum of 10 million per day. Currently, the volume reaches 200 million meetings daily. As a consequence, the developers say, previously unknown security problems became evident.
However, Bleeping Computer's reporting points out that several blocks of data exposed on the dark web are linked to educational institutions, with the domain ".edu". One carries 290 credentials with e-mails from US universities. For the time being, it is not known whether the database includes information from Brazilian institutions.
Zoom has committed to making security improvements to the software. Some of them have already been made, such as the change to the Facebook integration, which was accused of collecting too much data from the user. The company also promised to invest in measures like rewards programs to find vulnerabilities and to publish transparency reports.
Hackers offer free university accounts on the dark web. Photo: Reproduction / Bleeping Computer
Zoom users should change the password used in the program to prevent the account from being hacked. In addition, it is important to change the password on every site where the same password was used. Leaks of this type usually provoke a wave of attacks against a wide variety of services, aimed at users who habitually repeat passwords.
Services like Have I Been Pwned already have an updated database and can tell if an email address has been put up for sale. However, it is prudent for every user of the service to change their password to avoid problems. Those who created an account by logging in with a Google or Facebook account are not affected by the leak.
In addition, it is important to take security precautions to protect yourself from break-ins at meetings, such as using the guest password, creating a waiting room and applying restrictions to participants. Finally, if you or your company deals with sensitive data, the recommendation is to look for more secure communication programs that offer encryption, such as Threema and Signal.
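On the service side, the wave of login attempts with reused passwords described above has a recognizable shape in an authentication log: one source trying many different accounts in a short time, almost all failing. The following is an added example, not part of the original article or of Zoom's tooling; the log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format, documentation-only IP ranges).
SAMPLE_LOG = """\
2020-04-14T10:00:01 user=ana@example.edu ip=203.0.113.7 result=fail
2020-04-14T10:00:02 user=bruno@example.edu ip=203.0.113.7 result=fail
2020-04-14T10:00:03 user=carla@example.edu ip=203.0.113.7 result=fail
2020-04-14T10:00:04 user=davi@example.edu ip=203.0.113.7 result=fail
2020-04-14T10:00:05 user=elisa@example.edu ip=203.0.113.7 result=fail
2020-04-14T10:00:06 user=fabio@example.edu ip=203.0.113.7 result=ok
2020-04-14T10:01:00 user=gui@example.com ip=198.51.100.20 result=fail
2020-04-14T10:01:09 user=gui@example.com ip=198.51.100.20 result=ok
2020-04-14T10:02:00 user=helena@example.com ip=192.0.2.50 result=fail
2020-04-14T10:02:01 user=helena@example.com ip=192.0.2.50 result=fail
2020-04-14T10:02:02 user=helena@example.com ip=192.0.2.50 result=fail
"""
LINE = re.compile(r"(\S+) user=(\S+) ip=(\S+) result=(ok|fail)")

def parse(log):
    """Yield (timestamp, user, ip, success) for each well-formed line."""
    for line in log.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:
            ts, user, ip, result = m.groups()
            yield datetime.fromisoformat(ts), user, ip, result == "ok"

def detect_stuffing(log, window=timedelta(minutes=5), min_users=5,
                    min_fail_ratio=0.8):
    """Map each suspicious IP to the accounts it logged into successfully."""
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[2]].append(event)
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            burst = events[start:end + 1]
            users = {user for _, user, _, _ in burst}
            fails = sum(1 for e in burst if not e[3])
            # Stuffing: many distinct accounts, mostly failing. A single
            # account hammered repeatedly (192.0.2.50) is a different pattern.
            if len(users) >= min_users and fails / len(burst) >= min_fail_ratio:
                # Any success from this source is a likely reused password.
                findings[ip] = sorted({u for _, u, _, ok in events if ok})
                break
    return findings
```

Accounts returned for a flagged source are the ones to lock and push through a password reset, which matches the response Zoom describes in its note.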
Zoom explained to dnetc that it is concerned with the privacy of users and is investigating the case. The following is the full note of the company sent to dnetc:
It is common for internet services that serve consumers to be the target of this type of activity, which usually involves malicious actors testing a large number of already compromised credentials from other platforms to verify whether users have reused them elsewhere. This type of attack generally does not affect our corporate customers who use their own sign-on systems. We have already hired several intelligence companies to find these password dumps and the tools used to create them, as well as a company that shut down thousands of websites trying to trick users into downloading malware or giving up their credentials. We continue to investigate, blocking accounts that we discover are compromised, asking users to change their passwords to something more secure, and we are considering implementing additional technology solutions to support our efforts.
Via Bleeping Computer and Zoom