The fact that over half a million valid logins were found indicates that Zoom did not have adequate preventive measures in place. This is not a breach of Zoom’s internal security, but it can still be regarded as another security failing by the company.

Credential stuffing attacks are more sophisticated than a basic “brute force” approach of trying lists of username and password possibilities with an automated script. Given that Zoom has added so many users in such a short period, a credential stuffing attack on the service was entirely predictable and should have been expected.

So, in terms of private or confidential information leaking out, the total number of impacted parties is probably far greater than the number of accounts for sale.

Cyble combed through the list of available accounts and found that some belong to employees of Chase Bank and Citibank as well as a number of universities around the world.

This gives a malicious actor access to not just the account, but to the contents of any meetings it might have either hosted or been a party to. The firm verified that the accounts are legitimate; each contains the username and password as well as registered email address, host key, and personal meeting URL.

Zoom accounts for sale or rent, as low as $0.0020 cents

Cybersecurity firm Cyble discovered at least 530,000 Zoom accounts listed for sale on dark web hacker forums.

However, the sheer number of Zoom accounts that were compromised in this way indicates that the video conferencing service has not been checking registered usernames and passwords against lists of known breached account credentials. It’s to be expected that among the millions of users that have flocked to Zoom in the past two months will be some that re-use credentials that have been breached in other attacks, perhaps unbeknownst to them.
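The missing control described above, screening a password against known breached credentials at sign-up or password change, can be sketched as follows. This is an added example, not code from the article or from Zoom; the hash-prefix range lookup, the function names and the sample corpus are assumptions chosen for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample standing in for a breached-password corpus (not real breach data).
BREACHED_SAMPLE = ["123456", "password", "qwerty", "Summer2020!", "letmein", "123456"]

PREFIX_LEN = 5  # hex characters of the digest that the lookup side is allowed to see


def sha1_hex(password: str) -> str:
    # SHA-1 is used only as a lookup key into the breach corpus, never for password storage.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(passwords):
    """Map digest prefix -> {digest suffix: number of times seen in the corpus}."""
    index = defaultdict(dict)
    for pw in passwords:
        digest = sha1_hex(pw)
        prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
        index[prefix][suffix] = index[prefix].get(suffix, 0) + 1
    return index


def range_query(index, prefix):
    """Lookup side: receives only the prefix and returns the whole matching bucket."""
    return dict(index.get(prefix, {}))


def breach_count(index, password):
    """Caller side: hash locally, send the prefix, compare the suffix locally."""
    digest = sha1_hex(password)
    bucket = range_query(index, digest[:PREFIX_LEN])
    return bucket.get(digest[PREFIX_LEN:], 0)


def screen_password(index, password):
    """Return (accepted, reason) for a sign-up or password-change request."""
    seen = breach_count(index, password)
    if seen:
        return False, f"password appears {seen} time(s) in known breach data"
    return True, "ok"


INDEX = build_index(BREACHED_SAMPLE)

if __name__ == "__main__":
    for candidate in ["123456", "Summer2020!", "x7#Vq-long-unique-passphrase"]:
        print(candidate, screen_password(INDEX, candidate))
```

Because only the digest prefix crosses the lookup boundary, the same check can be pointed at an external breach-data service without disclosing the full password hash.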