Security News > 2020 > April > Zoom Credentials Database Available on Dark Web

Zoom Credentials Database Available on Dark Web
2020-04-10 13:15

Researchers have found a database of Zoom video conferencing credentials ranging from just an email and password to also include meeting IDs, names and host keys.

The latter is possible because Zoom users are remarkably lax about protecting the details - and of course it could be just a small subset of a larger collection of credentials not made available to others.

These credentials available in the database range from personal accounts to corporate accounts for banks, consultancy companies, educational facilities, healthcare providers, and software vendors.

"What was interesting to me," Etay Maor, CSO at IntSights told SecurityWeek, "Was some of the discussions that followed the database being offered on the dark web. They were around how to automate attacks against Zoom. What's happening is the use of 'Zoom checkers'." A checker is a concept from bank card fraud, where a micro payment is made against stolen card credentials to check that the account is live and valid.

The attacker, with access to the CEO's Zoom account, could email the CFO and say, "I need to talk to you. Hop on Zoom will you." From there it's just the standard social engineering that criminals have perfected - possibly blurring the voice with added noise, making the video difficult to see, using Zoom by phone, etcetera.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/p9m3_noKPgA/zoom-credentials-database-available-dark-web

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zoom 54 4 51 80 12 147