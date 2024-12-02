



Sellers are advertising them for .0020 cents each, while in some cases they are offered for free. The account credentials was not stolen by Zoom, instead, it appears the result of credential stuffing attacks that leverage records from third-party data breaches.

The data were first discovered by experts at cybersecurity intelligence company Cyble. Moreover, lists of email addresses and associated passwords were published on text sharing sites. Cyble purchased more than 530,000 on an underground hacking forum and verified that the credentials were valid, account data includes a victim’s email address, password, personal meeting URL, and their host key. In addition, a sample analysed by Bleeping computer composed of 290 accounts included credentials of accounts for many colleges, including the University of Vermont, University of Colorado, Dartmouth, Lafayette, University of Florida.

Recently researchers at IntSight discovered a database available on an underground forum in the dark web that contained more than 2,300 compromised Zoom credentials. Some of the records also included meeting IDs, names, and host keys. The archive comprised credentials for Zoom accounts belonging to organisations in various industries, such as banking, consultancy, healthcare software companies.