Are you on Zoom too? For e-learning, company meeting or virtual gathering with friends..
Watch out, people! Because a cybersecurity firm claimed it has purchased about 530,000 Zoom accounts from a hacker on the dark web, according to BleepingComputer.
The firm, Cyble, told the website that it purchased the Zoom credentials for only USD 0.20 (RM 0.80) each, claiming that it will use the info to warn its customers of the potential breach.
Cyble said it was able to verify that some of the accounts are valid based on its customers’ info. The purchased accounts include details such as email address, password, meeting web address and host key, which is a 6-digit pin assigned to a user hosting a Zoom meeting.
The host key allows a person to control a zoom meeting, including starting a live stream and ending it for all participants.
Cyble first discovered that the accounts were on sale for others to buy for malicious activities like “Zoom-bombing”, which allows an uninvited guest to hack into a Zoom meeting. And some accounts were even offered for free.
The firm explained that the Zoom accounts were likely obtained by using user details leaked from other data breaches, also known as “credential stuffing attacks”.
Successful logins were then compiled into a list and offered to other hackers on the dark web.
Thus, it’s important of using a unique password for each online site. Otherwise hackers could use details gleaned from one breached site to break into other accounts.
You can check if your details have been leaked online due to a data breach at Cyble’s AmIBreached
Source : The Star