A database containing more than 2,300 compromised Zoom credentials was found on an underground forum on the dark web. Some of the records also included meeting IDs, names and host keys.
The database was discovered by researchers at security firm IntSights. According to their report, analysis of the database revealed that, aside from personal accounts, there were many corporate accounts belonging to banks, consultancy companies, educational facilities, healthcare providers, and software vendors, amongst others.
Experts have found several posts and threads regarding how to target Zoom’s conferencing services. The most debated uses are Zoom checkers and credential stuffing. Checking services are used in credit card fraud in order to check whether a stolen credit card is “fresh” by making a micro-donation.
A credential stuffing attack is a type of brute force attack that uses stolen login credentials, mainly obtained through phishing attacks and data breaches.
The source of the Zoom credentials is not known at present, but according to experts, they were not stolen from the company.
The compromised credentials can also be used to launch denial-of-service attacks, or to join meetings and interrupt them with music or videos, which is popularly known as “Zoom bombing.”
The use of video conferencing services is on the rise due to the coronavirus pandemic, and so are cyber-attacks.
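How credential stuffing looks in authentication logs, and how it differs from password guessing against a single account, is shown in the following added example (not from the original article, IntSights or Zoom). The log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events: timestamp, source IP, username, result.
# IPs are RFC 5737 documentation addresses; usernames are invented.
SAMPLE_LOG = "\n".join(
    [f"2020-04-10T09:00:{i:02d} 198.51.100.7 user{i}@example.com FAIL" for i in range(8)]
    + ["2020-04-10T09:00:09 198.51.100.7 user8@example.com OK"]
    + [f"2020-04-10T09:01:{i:02d} 203.0.113.5 admin@example.com FAIL" for i in range(10)]
    + ["2020-04-10T09:02:00 192.0.2.44 carol@example.com FAIL",
       "2020-04-10T09:02:20 192.0.2.44 carol@example.com OK"]
)

def parse(log):
    """Yield (time, ip, user, ok) tuples from whitespace-separated lines."""
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user.lower(), result == "OK"

def classify_sources(log, window=timedelta(minutes=5), min_events=6):
    """Label each source IP 'stuffing', 'brute_force' or 'normal' (assumed thresholds)."""
    by_ip = defaultdict(list)
    for t, ip, user, ok in parse(log):
        by_ip[ip].append((t, user, ok))
    verdicts = {}
    for ip, events in by_ip.items():
        events.sort()
        verdicts[ip] = "normal"
        for i, (start, _, _) in enumerate(events):
            burst = [e for e in events[i:] if e[0] - start <= window]
            if len(burst) < min_events:
                continue
            users = {u for _, u, _ in burst}
            fail_ratio = sum(not ok for _, _, ok in burst) / len(burst)
            if fail_ratio < 0.8:
                continue
            # Many accounts with about one try each: a leaked list being replayed.
            # Few accounts with many tries each: guessing one account's password.
            verdicts[ip] = "stuffing" if len(burst) / len(users) <= 2 else "brute_force"
            break
    return verdicts

def compromised_accounts(log, verdicts):
    """Accounts with a successful login from a source flagged as stuffing."""
    return sorted({u for _, ip, u, ok in parse(log)
                   if ok and verdicts.get(ip) == "stuffing"})

if __name__ == "__main__":
    v = classify_sources(SAMPLE_LOG)
    print(v, compromised_accounts(SAMPLE_LOG, v))
```

Accounts returned by `compromised_accounts` are the ones to force a password reset on, since a success inside a stuffing burst means the replayed password was valid.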