Zoom App has been in news from the past two weeks for having security vulnerabilities that can be exploited by hackers. Now, the news is out that some hacking group/s have already exploited the flaws and have stolen over 500,000 user credentials only to sell them on the dark web for a penny each.
It’s estimated that the data was accessed by hackers through credentials stuffing, where data from data breaches explored in the past by different means is sold on the dark web.
Cybersecurity firm Cyble discovered that the credentials were available on a hacking forum for just $0.002 each and succeeded in purchasing the details which include personal meeting URLs, email addresses, passwords and the host keys which allow the Zoom users to enter a meeting such as a Webinar.
When a resource from Bleeping Computer alerted Zoom on the issue, the video conference hosting app admitted that the credentials sale could have happened due to data leak from past data breaches.
On the other hand, the company has hired a team of experts from intelligence firms to track down the password dumps online. In the meantime, the company is urging its users to change their passwords as soon as possible and to follow cyber hygiene.
Note 1- Some reports on a few technology forums state that a few of the Zoom app users have experienced a display of X-rated and racists content while they were holding conferences or online teaching sessions. However, no video clipping or image freezing evidence is available on the web in this regard to date.
Note 2– GoToMeeting, Google Hangouts Meet, Zoho Meetings, Join.me, Cisco Webex, Team Viewer, are some of the alternatives available for the Zoom app.
Note 3- From April 8th,2020 companies like Google, Amazon, US Senate, NASA, SpaceX, Tesla, New York City Schools have announced a ban on the usage of the app amongst its employees/staff.