Login credentials belonging to more than half a million Zoom users have been put up for sale on the dark web.
The login details, which are available for dark web users to purchase for just one pence each, were initially discovered by researchers at cybersecurity firm Cyble.
According to a report in the Sunday Times, researchers at the firm purchased the login credentials from an individual on the encrypted messaging app Telegram.
In a statement, the video conferencing firm said: “We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts.”
A spokesperson for Zoom added that web services are frequently targeted by cybercriminals using compromised login credentials. In response to these threats, the firm has hired a host of intelligence companies to identify password dumps and shut down websites that aim to dupe users into downloading malware.
Zoom has been in the spotlight for several weeks now as people around the world work from home amid the COVID-19 pandemic.
Since the outbreak, Zoom’s user base has increased significantly and the video conferencing app is enabling companies to coordinate operations and families to keep in touch.
However, the company has been subject to intense scrutiny due to concerning cybersecurity vulnerabilities. A spate of ‘Zoom bombings’, in which users enter chatrooms to post obscene content or disrupt conversations, prompted the company to introduce changes.
Meeting room hosts are now able to approve which users join a room to prevent Zoom bombing incidents from occurring. Similarly, meeting rooms are now automatically password-protected to ensure safety for users.
Concerns over Zoom security have prompted organisations including SpaceX to ban its use, while the FBI warned users of the risks involved when sharing information on public chats.
The National Cyber Security Centre (NCSC) also issued a warning about Zoom and similar video conferencing platforms. The centre warned that cybercriminals are exploiting the rise of remote working tools through phishing emails that appear to be from legitimate companies. These scam emails trick users into downloading malicious files, which are used to gain access to account credentials.