Hundreds Zoom accounts are displayed on the dark web: While the pandemic Coronation affects a large number of countries around the world, many resort to the use of applications, video calls and teleconferencing. One of these applications is Zoom, but it has introduced a number of security issues so far, and now adds a new issue for the popular teleconference application - user accounts are displayed on the dark web.
The cyber security company Sixgill recently discovered a collection of 352 Zoom accounts that have been compromised. These accounts were shared by a user on a popular dark web forum. This leaked information to Zoom users, such as the address e-mail, passwords, meeting ID and computer name. The stolen ones credentials were highlighted based on the type of Zoom account, which means that some of the information stolen included users who pay an amount for better service in the application. Dov Lerner, head of research security in Sixgill, told Mashable that hackers They thanked the anonymous user for sharing this sensitive information with Zoom users, with one revealing that he was going to troll meetings in the app. However, online trolling is not the only thing one can do with the information shared by these Zoom accounts. The information could be used for troll to the detriment of the account holder or those involved in the calls. At the same time, these credentials could be used for corporate or personal surveillance, identity theft and other malicious activities, according to Lerner. There are several ways a hacker can use the accounts that have been compromised. According to Sixgill, while its security researchers found that most of the 352 accounts were personal, some belonged to educational institutions or small businesses, and one of the accounts was a major US healthcare provider.
But what is the dark web where these accounts were shared?
Dark web is an anonymous web site that includes websites, forums and other online destinations that require access to a specific web browser called Tor. This means that users cannot visit these sites simply by typing a URL in Google Chrome or to Firefox. After all, these sites do not appear in search engines.
The collection of zoomed-out Zoom accounts was discovered by Sixgill on April 1, given the growing number of comments posted on Zoom about its security practices and privacy protection. While this is a fairly popular teleconferencing app chosen by many in anticipation of the Coronation Pandemic, it raises important security issues. Security researchers have pointed out that the application can be used by employers to effectively spy on their employees during remote work. In addition, it recently came to light that Zoom leaked user data to Facebook, while the same happened with LinkedIn, exposing users without their knowledge. An error was also detected that allowed hackers to steal passwords Windows via Zoom. These security issues have been circulating on the Internet, prompting the implementation of the term "Zoom-bombing", which refers to finding a meeting ID and violating a Zoom meeting. The accounts discovered by Sixgill included meeting IDs, which means that all of these users could be the subject of a specific action. Things have changed so much that last week Zoom CEO Eric Yuan apologized for the security issues, stressing that the company will focus on fixing security errors and protecting users' privacy for the next 90 days. But one thing the company needs to do more is explain how credentials from 352 Zoom user accounts were found in the hands of hackers.