Zoom continues to be privacy nightmare; hacked accounts selling on the dark web
Zoom.us, which has become the default video conferencing tool post the coronavirus outbreak, continues to face backlash over privacy and security issues.
In the latest turn of events, cyber risk assessment firm Cyble discovered that over 500,000 Zoom accounts are being sold on the dark web.
An unidentified cyber hacker is giving away Zoom credentials, including meeting URLs, email ids, passwords, and HostKeys, at dirt-cheap rates or for free. Security researchers also believe that the half million passwords on sale are from old Zoom accounts, which are being distributed to new users for less than a penny each.
However, Cyble also points out that these attacks are not unique to Zoom.
"These credentials are gathered through credential stuffing attacks where threat actors attempt to login to Zoom using accounts leaked in older data breaches. The successful logins are then compiled into lists that are sold to other hackers," it stated.
It isn't the first time that Zoom has come under the scanner this year.
The Silicon Valley startup, which has gone from 10 million to 200 million daily users in practically no time, has been criticised for its lack of end-to-end encryption of meeting sessions and conferences. Users have also complained of “zoombombing”, where uninvited guests have crashed into virtual meetings.
The rising concerns were addressed by Zoom CEO Eric Yuan in a recent blog post.
"For the past several weeks, supporting this influx of users has been a tremendous undertaking and our sole focus... We recognise that we have fallen short of the community’s – and our own – privacy and security expectations. For that, I am deeply sorry, and I want to share what we are doing about it," Yuan said.
The platform, which was originally built for enterprise users, has witnessed large-scale global adoption in the last two months.
From IT offices and government agencies to schools, universities, healthcare workers, and even individual users — everyone has hopped onto Zoom as their mobility stands restricted due to coronavirus-induced lockdowns.
However, things could turn with global corporations and even state authorities warning their people about Zoom's mounting security concerns. According to a Reuters report, Standard Chartered Bank sent a memo to its staff advising them to stop using Zoom for video collaboration purposes.
"Banks have particular worries about cybersecurity because of regulations that can penalise them for exposing customer information, even if inadvertently," the report stated.
Earlier, Elon Musk’s SpaceX, New York City’s public school system, and state governments of Taiwan and Germany have placed restrictions on Zoom usage.
Edited by Saheli Sen Gupta