About half a million Zoom account details, including usernames and passwords, were recently made available for sale on dark web crime forums. IntSight researchers believe that attackers used a four-pronged approach to strip users’ data from the popular conferencing platform, which has around 300 million active users.   Data, from hacking attacks dating back to 2013, containing usernames and passwords, were collected from the dark web. The credential stuffing attack then employed multiple bots and induced lags between the attempts to avoid being detected. Since many people re-use their passwords, the attacks returned successful logins, and the data, including names and meeting URLs, was accessed by the hackers. All these valid credentials were then bundled up and sold as a comprehensive database on dark web crime forums.   Referred to as Schrodingers credentials, because ‘they are both stolen and where they are at the same time,’ this data breach has proven costly for Zoom.

CyberManipal.

Zoom Gets Stuffed: Here’s How Hackers Got Hold Of 500,000 Passwords

April 27, 2020

More of MIST

About MIST