Adopted overnight as the essential tool of every teleworker, the Zoom videoconferencing application is a victim of its own success. Within a few weeks, security experts intrigued by its popularity have highlighted its multiple security flaws. The latest scandal: the accounts of more than 530,000 users are for sale on the dark web.
The data on offer contains not only e-mail addresses and passwords, but also personal meeting URLs and administration codes. Each account costs no more than a penny, and some are even "offered" to promote zoombombing, the practice of getting into a private conversation and harassing its members, for example by sharing pornographic content.
The credential stuffing technique
Several American universities and companies, such as Citibank, are reportedly particularly affected by this leak. However, this situation is reportedly not due to Zoom's flaws, but in part to the bad habits of its users. According to Cyble, the cybersecurity company that spotted this illegal sale, the credentials were not hacked but obtained through the technique of credential stuffing. The attackers simply collected passwords from old hacks and tried their luck on Zoom accounts. We cannot repeat it enough: to preserve your digital security, use a different password for each of your accounts.
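
A defender-side illustration of the pattern described above, as an added example that is not part of the original article: in login logs, credential stuffing appears as one source trying many different accounts once or twice each and mostly failing, and the few successes are the accounts that need a forced password reset. The log format, thresholds and function name are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict

# Constructed sample auth log: (source_ip, username, success). Addresses come
# from documentation ranges; account names are made up.
SAMPLE_EVENTS = (
    [("203.0.113.7", f"user{i}@example.edu", False) for i in range(9)]
    + [("203.0.113.7", "dana@example.edu", True)]         # reused password worked
    + [("198.51.100.4", "erin@example.com", False)] * 12  # one account hammered
    + [("192.0.2.10", "frank@example.com", False),
       ("192.0.2.10", "frank@example.com", True)]         # typo, then normal login
)

def classify_sources(events, min_accounts=8, max_tries_per_account=2,
                     min_fail_ratio=0.8, brute_tries=10):
    """Label each source IP and list the accounts it managed to log into.

    Thresholds are illustrative assumptions; tune them on real traffic.
    """
    per_source = defaultdict(lambda: defaultdict(list))
    for ip, user, ok in events:
        per_source[ip][user].append(ok)

    report = {}
    for ip, users in per_source.items():
        attempts = sum(len(v) for v in users.values())
        failures = sum(v.count(False) for v in users.values())
        max_tries = max(len(v) for v in users.values())
        hits = sorted(u for u, v in users.items() if any(v))
        # Stuffing: wide (many accounts), shallow (few tries each), mostly failing.
        if (len(users) >= min_accounts and max_tries <= max_tries_per_account
                and failures / attempts >= min_fail_ratio):
            label = "credential_stuffing"
        # Brute force: narrow and deep (many guesses against one account).
        elif max_tries >= brute_tries:
            label = "brute_force"
        else:
            label = "normal"
        report[ip] = {"label": label, "accounts": len(users),
                      "compromised": hits if label != "normal" else []}
    return report

if __name__ == "__main__":
    for ip, info in classify_sources(SAMPLE_EVENTS).items():
        print(ip, info)
```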