Change Your Zoom Password NOW
Many of the more than 500,000 Zoom accounts that were for sale on the dark web belonged to university accounts.
Hackers used password-email combinations obtained through previous hacks and tried their luck on people’s Zoom accounts, meaning people who re-use previously-hacked passwords would be vulnerable.
If you use your go-to password for Zoom, consider changing it, according to a new report about cybersecurity researchers finding credentials for more than 500,000 Zoom accounts on the dark web.
Business Insider reports cybersecurity firm Cyble discovered the accounts, many of which were being sold for less than one cent per account. Others were being given away in bulk on hacker forums to be used for “Zoombombing” that allows bad actors to hijack Zoom meetings.
Cyble purchased about 530,000 accounts for $0.0020 each. The information purchased included email addresses, personal meeting URLs, and the six-digit pin number meeting hosts use to set up the call.
Many of the accounts for sale belonged to enterprise customers like Chase and Citibank, while others were for university accounts.
Zoom has been plagued with security and privacy issues for the last few weeks, but Zoom might be off the hook for this one, Business Insider notes.
“This doesn’t mean Zoom got hacked. Although the videocall service has been beset with privacy issues since the onset of the coronavirus drove millions more people to its service, the accounts for sale on the dark web were obtained using “credential stuffing” attacks. This means hackers used password-email combinations obtained through previous hacks and tried their luck on people’s Zoom accounts, meaning people who re-use previously-hacked passwords would be vulnerable.
“Effective ways to negate credential stuffing include using unique passwords for every site you visit online, and checking whether your email address has been leaked in previous data breaches using Have I Been Pwned.”
It’s generally a good practice to change your passwords periodically anyway, but it’s an even better practice to use different passwords for different platforms and programs. If your Zoom password is the same as any others, change it. While you’re at it, change your other passwords as well.
Zachary Comeau is the web editor for CS sister publication My Tech Decisions. This article originally ran in that publication.
If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Related Content
Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century
This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!
Good morning,
I currently receive your magazine, however I do not get any email notifications like colleagues do. This morning one of my colleagues sent me an email link to Campus Safety regarding compromised zoom issues. I have checked my “junk” email inbox and don’t see any emails there from Campus Safety Magazine.
How can I receive email notifications of new or important stuff that is happening.
Is there a way for you to check and see if I am on a mailing list?
Thanks so much.
Hi, Debbie! It looks like you were moved to our “master suppressed” list, which automatically happens when someone hasn’t engaged with our emails for a certain period of time. We have removed you from that list, so you should start getting newsletters soon! We have one scheduled to go out tomorrow morning. Glad to have you back 🙂