Over 500,000 Zoom accounts being sold on dark web: Protect yourself now

Share

• Copy link
• Facebook
• X
• Reddit
• Email

Share this article

Join the conversation

Follow us

Add us as a preferred source on Google

Newsletter

Get the Tom's Guide Newsletter

Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!

Become a Member in Seconds

Unlock instant access to exclusive member features.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

---

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

---

Want to add more newsletters?

Daily (Mon-Sun)

Tom's Guide Daily

Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.

Signup +

Weekly on Thursday

Tom's AI Guide

Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!

Signup +

Weekly on Friday

Tom's iGuide

Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.

Signup +

Weekly on Monday

Tom's Streaming Guide

Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.

Signup +

---

Join the club

Get full access to premium articles, exclusive features and a growing list of member rewards.

Explore

---

An account already exists for this email address, please log in.

Subscribe to our newsletter

More than 500,000 Zoom accounts are being sold for fractions of a penny each on the "dark web" and in hacker forums. Some are even being given away.

However, these accounts were not compromised as the result of a Zoom data breach. So says Bleeping Computer with input from Singapore-based information-security firm Cyble. 

Rather, the accounts were harvested from credential-stuffing attacks, and perhaps phishing attacks, over the past few years.

• Everything that's gone wrong with Zoom (so far)
• Best Zoom alternatives for video conferencing
• New: OnePlus 8 Pro specs and prices leaked ahead of today's launch

Cyble bought 530,000 account credentials for about 0.2 cents each. The accounts included email addresses, Zoom passwords, Zoom personal meetings URLs and Zoom host keys. Many of them were clearly associated with universities and corporations, including Chase and Citibank.

How to protect your Zoom account

If your Zoom account was created before the start of the coronavirus lockdown, it might be best to change your Zoom password to something strong and unique. Doing so will protect you from the type of credential-stuffing attacks that likely resulted in this Zoom credential stash.

Credential-stuffing attacks are when criminals try to access uncompromised online accounts with email addresses and passwords harvested from other data breaches. They work only because so many people reuse passwords for multiple accounts. You can avoid this trap by using one of the best password managers.

Cyble runs its own data-breach notification service called AmIBreached, into which you can plug in your own email addresses or usernames to see if any have been included in data breaches and credential sets. If so, then you have to sign up for a free account to see from which company your credentials were stolen.

It's not clear whether the Zoom credentials have been added to the AmIBreached dataset yet, but if not, they probably will be soon.

It's also likely that the Zoom dataset will be added to the free HaveIBeenPwned breach-notification service as well in the next few days. You don't have to create an account to use that service.