UPDATED 22:04 EDT / APRIL 13 2020

SECURITY

500,000 Zoom accounts found for sale on the dark web

The account details of more than 500,000 users of Zoom Video Communications Inc. have been found for sale on the dark web, the shady part of the internet reachable with special software, in the latest security concern surrounding the company.

Discovered by security researchers at Cyble, the credentials include email address, password, personal meeting URL and HostKey. Accounts belonging to Cyble clients were tested and found to be valid.

Separately, Bleeping Computer also got its hands on some of the Zoom credentials and today confirmed that the data was the result of credential stuffing. That’s where hackers use account details stolen from successful hacks of other sites to gain access, since people often reuse passwords across multiple sites.

Some of the Zoom accounts were being offered for free while other for less than one cent each “so that hackers can use them in zoom-bombing pranks and malicious activities.” The hackers are also said to be offering free accounts to “gain an increased reputation in the hacker community.”

The accounts themselves were varied with many involving university addresses but also included accounts for well-known companies including JPMorgan Chase Bank N.A. and Citigroup Inc.

While Zoom can’t be directly blamed for its users reusing passwords there are ways to provide security to users who do so. At the very least the introduction of two-factor authentication would add a barrier to entry. Alternatively, Zoom could scan user accounts again data breach lists to see if customers are reusing passwords, then force a password change where one is found.

Zoom has come to the fore during the COVID-19 pandemic, surging to the top of application downloads as millions work from home. With that popularity has also come scrutiny into its security practices and they’ve been found to be lacking.

On April 5 it was reported that Zoom was routing video calls through mainland China complete with the encryption keys used to secure the calls. Other security issues including with Zoom’s desktop apps were revealed April 1, causing Chief Executive Officer Eric Yuan to apologize the following day while committing the company to freeze feature development for 90 days to focus on enhancing security.

Security issues aside, Zoom is one of few companies that have done well out of the coronavirus pandemic. Zoom floated in April 2019 at $36 per share before closing its first day of trading at $65 per share. The company’s share price barely moved since that time until February, breaking through $100 per share Feb. 19.

Zoom’s share price peaked at $159.56 March 23 and security issues dampened investor interest only slightly. As of the close of trading today, Zoom was sitting on $135.92 per share.

Photo: Zoom

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU