While video conferencing tool Zoom was once almost exclusively used by businesses, now everyone from students to families have started using the platform to connect remotely.
But its recent spike in popularity has also put it on the radar of hackers. According to Bleeping Computer, researchers at Cyble have discovered over 500,000 Zoom account details for sale on the dark web.
Threatpost also reported that researchers at IntSights uncovered a database containing over 2,300 Zoom account details including meeting IDs, full names, and host keys, in addition to credentials.
These credentials will most likely be used by internet trolls looking to do some "Zoombombing", disrupting your online meetings with loud music and obscene imagery, for the lulz.
How did this happen?
Was Zoom the victim of a data breach? That doesn't seem to be the case. It is currently believed that these account details were gathered from various third-party data breaches using a technique known as credential stuffing.
Basically, credentials collected from previous data breaches were tested against Zoom, in hopes that there is also a Zoom account with that same username and password. Bad news for anyone who uses the same password for all their online accounts.
What can you do?Here’s how you can make sure all the Zoom accounts in use at your company are secure and prevent any unwanted nastiness from interfering with your calls.
Step 1: Sign up for MYKI
Step 2: Invite everyone on your team to join and import the passwords for all the work accounts they use
Step 3: Use the Breach Monitor feature, which will scan and compare all stored passwords with databases of previous data breaches
MYKI will identify any accounts in use at your company whose passwords match a compromised password that has appeared in a data breach. Even if none of those is a Zoom account, it still wouldn’t hurt to update those passwords as an extra precaution.
Step 4: Use MYKI’s built-in password generator to create a new impossibly complex passwords for all your team's Zoom accounts
Not only will this ensure that your own Zoom accounts are kept secure, you can also resell MYKI to your clients and help them protect their team's Zoom accounts as well.