Hackers put more than half a million login details for the teleconferencing app Zoom on the dark web, the Sunday Times newspaper reported.
The logins were put up for sale at 1 pence (1.25 cents) each and were discovered and bought by cybersecurity intelligence company Cyble, the paper said. Cyble purchased the logins from a Russian-speaking person on the Telegram messaging service, which allows anonymous messaging.
Zoom Video Communications Inc. has seen global usage of its service surge during coronavirus shutdowns, but has come under increasing pressure over vulnerabilities in the app’s software encryption. The company has been sued amid accusations it hid flaws in its app and has seen cases of online trolls sneak in and disrupt web meetings with profanity and pornography.
Zoom’s shares have more than doubled this year alongside its meteoric rise in popularity, but privacy and cybersecurity experts have expressed skepticism. From Elon Musk’s SpaceX to New York City’s Department of Education, agencies around the world have begun to ban usage of the app amid security concerns.
It’s common for web services to be targeted by activity which involves bad actors testing large numbers of already compromised credentials from other platforms to see if they’ve been re-used, a Zoom spokesperson said in a statement.
Zoom also said it’s hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a company that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials.
“We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts,” the spokesperson said.