Cyble was able to buy 530,000 accounts for $0.0020 each, and some were given away free of charge to allow "Zoombombing" attacks. This does not mean that Zoom was hacked-the accounts were obtained using "credential stuffing" where hackers use passwords and emails leaked in previous data breaches.
This does not mean that Zoom has been hacked-accounts have been obtained using "credential stuffing" where hackers use passwords and leaked emails in previous infringements of data.
If you use the same email and password across lots of different accounts, including your Zoom account, you should try and change your password to a unique one.
Researchers on cybersecurity found the credentials for more than 500,000 Zoom accounts either for sale or on the dark web, as reported by Bleeping Computer.
Cybersecurity company Cyble found the accounts, many of which were sold for less than a penny per account. Some were released on hacker forums in bulk for free so people could use them for "Zoombombing"-a form of trolling where malicious actors drop into Zoom calls and post graphic or offensive content.
Recent Zoombombing reports have included trolls targeting antisemitic abuse in a virtual synagogue, screaming racist slurs in a colored women's meeting, and trolls dropping into anonymous virtual alcoholics meetings to taunt their members.
Cyble was able to purchase approximately 530,000 accounts for $0.0020 each, thus obtaining their email address, password, personal meeting URL and host key (the Zoom meeting hosts can use the 6-digit pin number). Many of the selling accounts belonged to companies or institutions including Chase, Citibank and many universities. Bleeping Computer was told by the firm that it had begun to see accounts pop up for sale since April 1, with posters seeking to boost their reputation among hacker community.
This is not to say that Zoom was hacked. Although the videocall service has been beset with privacy issues since the onset of the coronavirus has driven millions more people to its service, the accounts for sale on the dark web have been obtained using "credential stuffing" attacks. This means that hackers used password-email combinations obtained through previous hacks and tried their luck on people's Zoom accounts, meaning people would be vulnerable to re-use of previously hacked passwords.
Effective ways to negate credential stuffing include using unique passwords for each website you visit online, and checking whether your email address has been leaked using Have I Been Pwned in previous data breaches.