Over 500,000 Zoom accounts being sold on dark web: Protect yourself now

How to change your Zoom background
(Image credit: Zoom; Fox)

More than 500,000 Zoom accounts are being sold for fractions of a penny each on the "dark web" and in hacker forums. Some are even being given away.

However, these accounts were not compromised as the result of a Zoom data breach. So says Bleeping Computer with input from Singapore-based information-security firm Cyble. 

Rather, the accounts were harvested from credential-stuffing attacks, and perhaps phishing attacks, over the past few years.

Cyble bought 530,000 account credentials for about 0.2 cents each. The accounts included email addresses, Zoom passwords, Zoom personal meetings URLs and Zoom host keys. Many of them were clearly associated with universities and corporations, including Chase and Citibank.

How to protect your Zoom account

If your Zoom account was created before the start of the coronavirus lockdown, it might be best to change your Zoom password to something strong and unique. Doing so will protect you from the type of credential-stuffing attacks that likely resulted in this Zoom credential stash.

Credential-stuffing attacks are when criminals try to access uncompromised online accounts with email addresses and passwords harvested from other data breaches. They work only because so many people reuse passwords for multiple accounts. You can avoid this trap by using one of the best password managers.

Cyble runs its own data-breach notification service called AmIBreached, into which you can plug in your own email addresses or usernames to see if any have been included in data breaches and credential sets. If so, then you have to sign up for a free account to see from which company your credentials were stolen.

It's not clear whether the Zoom credentials have been added to the AmIBreached dataset yet, but if not, they probably will be soon.

It's also likely that the Zoom dataset will be added to the free HaveIBeenPwned breach-notification service as well in the next few days. You don't have to create an account to use that service.

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Read more
A picture showing different credit cards stacked on top of each other on a table
5 million Americans just had their credit card details leaked online — what to do now
An open lock depicting a data breach
12 million hit in Zacks Investment data breach — how to protect yourself now
Discord on a phone and a laptop
Reported Discord data leak disputed by third-party service RestoreCard
Surfshark graphic of 2024 data breaches
Nearly 700 million American records were leaked in 2024
DeepSeek logo on smartphone in front of computer data
Massive DeepSeek data leak exposes sensitive info for over 1 million users — what you need to know
An open lock depicting a data breach
Massive healthcare data breach just exposed the personal info of 1 million Americans — what to do now
Latest in Video Conferencing
A composite image showing Skype and Microsoft Teams side by side
I used Skype for years, and Teams is a poor replacement for the video calling service that started it all
Google Meet
Google Meet is getting a very handy automatic picture-in-picture mode — what you need to know
Project Starline 3D video conferencing
I just tried Google’s 3D video conferencing tool launching next year — here’s what Project Starline is like
Microsoft Teams
New Microsoft Teams is live — here's the 3 biggest upgrades
Google Meet update
It's official — Google Meet is getting one of Zoom’s best features
Zoom call on MacBook
Zoom flaw allows hackers to take over your Mac — update right now
Latest in News
iPhone 17 Air render
New leaked iPhone 17 dummy units show off super-thin iPhone 17 Air with this surprising design tweak
Simone Ashley and Hero Fiennes Tiffin in "Picture This" now streaming on Prime Video
Prime Video top 10 has 3 must-watch movies — including a bubbly romcom starring 'Bridgerton's' Simone Ashley
(L-R) Josh Hartnett as Cooper and Ariel Donoghue as Riley in "Trap"
Netflix top 10 movies — here’s the 3 worth watching right now
iOS 19 logo on an iPhone
Apple WWDC 2025: iOS 19 and everything we know so far
Siri
Siri 2.0 features reportedly only working ‘two-thirds to 80% of the time’
Jack Draper in action at Indian Wells 2025
How to watch Indian Wells men’s and women’s finals: live stream tennis online