Hacked Zoom accounts being sold for less than a penny on dark web: report

Published April 14, 2020 at 3:13 pm


The COVID-19 pandemic and subsequent self-isolation guidelines around the world have led to an influx of Zoom users, for both personal and professional use. They have also given hackers added opportunities to attack unsuspecting users.

According to tech website BleepingComputer, half a million Zoom accounts are being sold on the dark web and hacker forums for less than a penny each. In some cases, the website says the accounts were given away for free.

BleepingComputer spoke to cybersecurity intelligence firm Cyble, which said users’ credentials are gathered through “credential stuffing,” in which threat actors attempt to log in to Zoom using accounts leaked in older data breaches.

According to the website Imperva, “credential stuffing is a cyberattack method in which attackers use lists of compromised user credentials to breach into a system. The attack uses bots for automation and scale and is based on the assumption that many users reuse usernames and passwords across multiple services.”

“Some of these Zoom accounts are offered for free on hacker forums so that hackers can use them in zoom-bombing pranks and malicious activities,” according to BleepingComputer. “Others are sold for less than a penny each.”

The tech website recommends changing your Zoom password if it’s used elsewhere.

You can also check if your email address has been leaked in data breaches through the Have I Been Pwned and Cyble’s AmIBreached data breach notification services.

Tips in the event of a cyber incident

If you have been involved in a cyber incident and provided personal information or financial information:

  1. Call your bank. If your bank account or credit cards are involved, you’ll want to report it and cancel the cards right away to avoid being liable for the losses.
  2. Call the police and keep note of the report number for reference.
  3. Call Canada’s main credit reporting agencies and put a fraud alert on your credit report:
    1. Trans Union Canada (1-866-525-0262, Québec 1-877-713-3393)
    2. Equifax Canada (1-866-779-6440)
  4. Call Service Canada at 1-800-O-Canada if any of your federally issued ID was compromised (for example, your social insurance number or passport).
  5. Contact the Canada Revenue Agency (CRA) if you believe your CRA user ID or password has been compromised, or if you want to disable online access to your information on the CRA login services.
  6. Call your province/territory. If you believe your driver’s licence or health card was compromised, contact your provincial or territorial ministry responsible for transportation or the provincial or territorial government department responsible for health.
  7. Call the companies where your identity was used. They will tell you what information they need, whether an investigation has been started and how you can recover the money that was stolen.
  8. Call the Canadian Anti-Fraud Centre (CAFC) at 1-888-495-8501 or visit www.antifraudcentre.ca to report any incidents of fraud or cyber-related fraud.

Cybercrimes in Canada can be reported directly to the Communications Security Establishment (CSE).
