500K Zoom Accounts Discovered for Sale on the Dark Web

online video conference

What Happened?

As organizations move to remote work during the COVID-19 crisis, online communications have become essential. Online audio, web and video conferencing tool usage have increased 400% in only one month, according to AT&T. This new popularity for virtual meetings has also seen a multitude of security exploitations on popular video conferencing sites like Zoom.

On April 14, 2020, over 500,000 Zoom account credentials were found for sale on the Dark Web. The information available for purchase include the user’s email address, password, personal meeting URL, and their Zoom Host Key — all being sold for less than a penny each. In some cases, the account credentials were being offered for free. The account details were obtained through credential stuffing attacks, where cyberthieves use emails and passwords previously exposed in other, non-related data breaches, to attempt access into other sites.

Should You Be Worried?

Credential stuffing attacks are successful when individuals use the same username, email and password for different accounts. With account access, hackers also gain visibility into the personal and financial information saved within. If you use the same email and password combination on more than one account, especially between work and personal accounts, you may be at risk. Protect yourself from account takeovers by updating all outdated and reused passwords with unique, hard to crack passcodes and saving them in a secure, encrypted password manager.

If you are part of the remote workforce, read more about the latest COVID-19 scams, plus tips to work safely from home.

4 Tips to Stay Protected

  1. Use two-factor authentication. Requiring an additional level of account security can often thwart hackers from gaining access.
  2. Invest in a password manager. Having one location to safeguard your hard-to-crack passwords alleviates the pressure to remember all logins and empowers you to update site passwords frequently.
  3. Stay vigilant of software updates. Keep the apps on your devices up to date and refresh the passwords for each account.
  4. Use VPN software to encrypt data. Protect your personal and business device against cyber vulnerabilities.

Continue following Fighting Identity Crimes to get the latest breach and scam updates, ID protection news & tips from our industry experts!

Follow us on social!
Facebook | Twitter | LinkedIn 



The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

EZShield, a Sontiq brand, delivers award-winning identity protection services to both consumer and small business customers through a network of trusted partnerships. EZShield has...
Read more about The EZShield Team.

Leave a Comment.