Zoom, a video sharing and conferencing application, has reportedly been breached, and over 500,000 user accounts were publicly sold on the dark net.
Zoom is a free HD meeting app with video and screen sharing for up to 100 people. Zoom was launched on the Google Play Store on Jan 24, 2013, which is a long time ago now. So, what is the hype all about?
The company came to attention when the worldwide lockdown started due to the coronavirus pandemic and people started working from home, mostly educational institutes and small businesses.
Zoom has been in the headlines for about the last two weeks because of major allegations that the app intrudes on users’ privacy and protection. It was reportedly accused of data mining, tracking users, using user information for marketing and other shady stuff.
Recently, a vulnerability was found in the Zoom app which can be used to get the Windows login and password. According to cyber-security experts, the Zoom app is vulnerable to a “UNC Path Injection” vulnerability that could allow attackers to steal Windows login credentials and perform arbitrary code execution.
So what’s the breach?
A report from BleepingComputer states that hackers have potentially breached the Zoom app and obtained around 500,000 usernames and passwords, which are now being sold on the dark net for about $0.0020.
The attack was done using the credential stuffing technique, in which the attacker tries usernames and passwords with an automated script and tests for successful logins in the web application. It is not like brute-forcing accounts: here the attacker already has a bunch of credentials and just tries them out. In the end, the successful logins were considered working, and the final database was then sold.
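The difference between credential stuffing and brute forcing described above shows up in login logs, and a defender can tell them apart by how many distinct usernames one source tries. The following is an added example, not code from the report or from Zoom; the event format, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, username, login_succeeded).
STUFFING = [("203.0.113.7", f"user{i}@example.edu", i == 3) for i in range(6)]
BRUTE = [("198.51.100.9", "admin@example.com", False)] * 6
NORMAL = [("192.0.2.4", "bob@example.com", False),
          ("192.0.2.4", "bob@example.com", True)]
SAMPLE_EVENTS = STUFFING + BRUTE + NORMAL


def classify_sources(events, min_attempts=5, min_failure_rate=0.5,
                     stuffing_ratio=0.8):
    """Label each source IP by the shape of its login traffic.

    All three thresholds are assumptions to be tuned per application.
    """
    attempts, failures, users = defaultdict(int), defaultdict(int), defaultdict(set)
    for ip, user, ok in events:
        attempts[ip] += 1
        failures[ip] += 0 if ok else 1
        users[ip].add(user)

    verdicts = {}
    for ip, total in attempts.items():
        if total < min_attempts or failures[ip] / total < min_failure_rate:
            verdicts[ip] = "normal"
        elif len(users[ip]) / total >= stuffing_ratio:
            # Many usernames, about one try each: known pairs are being replayed.
            verdicts[ip] = "credential_stuffing"
        else:
            # Few usernames, many tries each: passwords are being guessed.
            verdicts[ip] = "brute_force"
    return verdicts


def accounts_to_reset(events):
    """Accounts that logged in successfully from a stuffing source."""
    verdicts = classify_sources(events)
    return sorted({user for ip, user, ok in events
                   if ok and verdicts[ip] == "credential_stuffing"})


if __name__ == "__main__":
    print(classify_sources(SAMPLE_EVENTS))
    print(accounts_to_reset(SAMPLE_EVENTS))
```

A successful login from a source flagged as stuffing means a reused password worked, so that account needs a forced reset even though no password was guessed.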
The account credentials include email addresses, passwords, personal meeting URLs, host keys, etc. According to the report, 290 accounts were from universities and colleges like University of Florida, University of Colorado, etc., and some of the big companies like Citibank, Chase and more.
If you are a user of Zoom, then quickly change your password, as it is the least you can do. In my opinion, one should not use this app anymore, as it is a controversial one and your data should be protected. There are many alternatives available on the market, like Skype, Google Duo and Google Hangouts. For sending texts, PDFs and DOCX files, there is Google Classroom. And for audio chatting, Discord is a good option to choose. Stay safe, and beware of the bad side of technology.