Cyble, a cybersecurity company, first noted the situation on April 1st: half a million Zoom accounts for sale on the dark web, available at a bulk price of $0.002 per account. Other accounts are reportedly being shared for free.
The video conferencing platform has been under intense scrutiny during an unprecedented moment when the world is depending on its technology more than ever. Following various issues, they halted all features development for 90 days in order to address the multiplying security concerns.
What information was compromised in this incident?
- Email addresses
- Personal meetings URLs and host keys
The host key is a six-digit pin tied to a user’s account that is used to claim host controls for a meeting.
Was Zoom hacked?
No. The breached accounts appear to be an instance of credential stuffing, a type of attack in which hackers use previously stolen account credentials in a large-scale, automated attempt to gain access to a different company’s accounts.
What is the best way to protect yourself from this type of credential stuffing attack?
Stop reusing the same passwords on multiple accounts. All your accounts—but especially those that store sensitive information like credit card or social security numbers—should be protected with strong, unique passwords. A strong password has a minimum of 8 characters and includes a mix of uppercase letters, lowercase letters, numbers, and special characters. Here are some additional tips to help you get out of the habit of reusing passwords:
Use a password manager
The average person has over 150 accounts. That is too many complex, unique passwords for the human brain to remember. That’s where password managers, like Dashlane, can help. Dashlane has a built-in password generator to help you create strong passwords for new accounts and save them securely, plus in-app security alerts that notify you immediately when you need to change your passwords after a data breach.
You have the option to add extra protection with two-factor authentication (2FA), especially on sensitive apps like your social media and online banking accounts.
How to keep your Zoom chats secure and private
There’s a reason Zoom is wildly popular. It’s incredibly simple and intuitive, but in removing all friction from its product, the company neglected crucial security elements—a decision they are currently reevaluating. In the meantime, here are some tips for making your Zoom conferences more secure:
Keep your Zoom link or code private
Don’t share it out on public channels or social media.
Set a meeting password
A password will keep unwanted people from crashing your meeting. Here is info on how to add a password.
Make a waiting room
This will let the host see all attendees and invite the appropriate people to join the meeting. Here’s how.
Update to the latest version of Zoom
Zoom has shifted resources to fixing the security issues so make sure to keep the app updated as changes come in. More info here.
Looking for more info?
Visit our online safety hub for the latest breach report and a complete guide to staying secure on the internet.