Details belonging to more than 500,000 Zoom users have been published on the dark web. This information has also been sold, exchanged and shared without user consent.
A report this week suggested that this major data breach was first identified by the cybersecurity firm Cyble, which later bought the credentials through a forum on the ‘dark web’ where they were being sold for .002 cents each. The firm was able to confirm that the details were legitimate because many of the sold accounts had been created by its clients.
According to Cyble, hackers were able to gain information such as email addresses, passwords, meeting URL links and host keys through “credential stuffing”, a type of cyber-attack. In credential stuffing, data first leaked from another online site is pulled from sections of the dark web and used to break into new accounts. Individuals who reuse the same login information across multiple accounts are especially vulnerable to this threat.
This is not the first security issue regarding Zoom in recent weeks. Last week, similar security breaches were noted by Sixgill, a cyber-security firm, which indicated the dangers of unauthorized access to individuals’ accounts. The way Zoom collects and stores data has also come under scrutiny for using methods such as attention tracking, with experts stating the app is “unlikely to meet GDPR requirements of privacy”.
One of the concerning practices is ‘zoom-bombing’, now subject to prosecution in the United States. This method allows individuals to hack into calls.
Dov Lerner, a researcher for Sixgill, one of the cyber-security firms investigating Zoom’s practices, said that the leaked information could pose a serious threat and be used for more dangerous purposes such as “corporate or personal eavesdropping, identity theft, and other nefarious actions.”
Zoom responded to these security concerns, with the app’s founder Eric Yuan saying on 1st April:
“We recognize that we have fallen short of the community’s—and our own—privacy and security expectations. For that, I am deeply sorry, and I want to share what we are doing about it.”
Yuan then continued his statement by outlining Zoom’s intended plan to combat these issues including the tightening of its privacy and security policies.
There are a couple of ways we would advise to help protect your Zoom account. First, use a free site to determine if your data has been breached. You might want to change your password anyway even if your email address wasn’t involved in the hack. Check your Zoom settings and change your personal meeting ID to help make sure you won’t get uninvited guests dropping in on your meetings.