What the Tech? Some Zoom Usernames and Passwords Have Been Stolen
Zoom is one of the big tech stories of the coronavirus pandemic. Over 2 million have people signed up since January.
It’s being used by teachers for schoolwork, for business meetings, and families staying in touch.
But trolls are bombing many of those meetings, using foul language and displaying pornographic images. How are these trolls gaining access to Zoom meetings that are protected by passwords? They’re buying login information on the dark web.
Researchers with the cybersecurity company Cyble found over a half-million Zoom usernames and passwords for sale for less than a penny, others were being given away.
With that information, anyone can login to account and join a meeting. But this isn’t the fault of Zoom.
The company wasn’t hacked. The researchers discovered the login information was obtained through what’s called “credential stuffing” attacks. What this means is that the hackers use accounts that were previously stolen. Like LinkedIn, MGM Resorts, MySpace and Zynga breaches.
Why does it work? Former FBI Special Agent Scott Augenbaum explains.
“About 60% of the population is using the same password for multiple accounts. The bad guys have stolen billions of passwords and usernames and they’re all on the dark web right now.”
So the bad guys get the login credentials of one account, they’ll try other accounts to see which ones share the same username and password. That’s what happened in this case.
So what can you do? You just have to use separate passwords for all of your accounts.
Especially for accounts that have a lot of your personal information, bank accounts and any account that has access to your bank account or credit card.
Now that you’re stuck at home, this is a good time to change those passwords. Write them down if you need to.
They’re safer on your desk at home or hide them in a book. If you have a Zoom account, you should change it immediately.
