Over 500,000 Zoom Accounts Hacked
Recently, we reported about Zoom’s efforts to check and improve their privacy and security settings during the COVID-19 pandemic. Zoom asked users to do the same.
Zoom (a video conferencing service), whose recent increase in use has surged as a result of COVID-19 remote work, is providing us with the ability to see work colleagues, clients, teachers, and fellow students in real-time on our device screens.
Many new accounts on Zoom have been secured with old, re-used passwords. Now, reports indicate that over 500,000 Zoom accounts are being sold or given away on hacker forums.
Why This MaTters
- The reality is that emerging tech goes hand in hand with emerging risk.
- This scenario involves the plight of password re-users.
- Change your Zoom password now if used elsewhere.
Now, Over 500,000 Zoom login passwords are being sold on the dark web and hacker forums after credential stuffing attacks on Zoom.
Threat actors attempt to login to Zoom using old account passwords leaked in prior data breaches. If successful, the login passwords are compiled in a list and sold to hackers to use in Zoombombing or other activities. Since their value on hacker forums is low, they are often given away.
Reports indicate that accounts for major banks and educational institutions were included. This report illustrates that the high-risk practice of re-using passwords runs the gamut from our home offices to corporate America.
Of course, some risk is borne by the product or service developer. However, users must take control of their privacy and security settings, including login credentials.
Users must implement privacy and security measures now:
- Change the Zoom password if used elsewhere!
- Zoom Password: If you set up your Zoom account using your old passwords, you can reset your password.
- Use unique, strong passwords for each service and device.
- If you cannot remember your passwords, try an app (e.g., LastPass, 1Password, DashLane) for password management.
- Zoom Meetings: Create a password for each Zoom meeting – do not re-use passwords for any of your products and services.
- Waiting Room: Create a waiting room of all participants who join the meeting – then lock it down once the meeting begins.
- Social Media: The Zoom meeting link should not be shared on social media.
Bleeping Computers: https://www.bleepingcomputer.com/news/security/over-500-000-zoom-accounts-sold-on-hacker-forums-the-dark-web/
Cyber Insurance Solutions
Cyber insurance is your go-to option when you are looking to transfer some of this risk that cannot be fully mitigated:
- Social engineering coverage, including employee education and risk mitigation services
- Ransomware or cyber extortion coverage, including ransom payments and/or data recovery
- Data breach coverage, including direct first-party losses and third-party liability and damages
- Business interruption coverage, including loss of profits and extra expenses incurred during a shutdown of your computer network.
- Employee training and educational tools to help prevent attacks and protect your network / data