
Zoom Security: Hackers Post User Accounts on Dark Web


Hackers are posting Zoom user account credentials on the dark web and online forums, exploiting vulnerabilities the company has admittedly left unguarded and is scrambling to fix.

In one instance, a hacker posted a link to more than 350 compromised Zoom accounts that included confidential personal information such as email addresses, passwords, Zoom meeting IDs, host keys, names and the type of account. Many of the posted accounts likely belong to businesses, with one owned by a major U.S. healthcare provider, seven held by educational institutions and another belonging to a small business, according to Sixgill, a dark web cybersecurity specialist.

“On April 1st, an actor in a popular dark web forum posted a link to a collection of 352 compromised Zoom accounts,” Sixgill told Yahoo Finance in an email. The accounts were reportedly listed for hackers to troll rather than profit, the company said. Sixgill posted on Twitter a screenshot of the dark web forum post about the compromised Zoom accounts.

In a separate episode, a cyber criminal posted a stolen database housing some 2,300 Zoom account usernames and passwords, many of which belonged to banks, consultancy companies, educational facilities, healthcare providers, and software vendors. Some of the stolen account information included meeting IDs, names and host keys, Etay Maor, chief security officer at New York-based global threat intelligence firm IntSights, said in a blog post.

“Realizing most of the workforce is now required to do their jobs from home, threat actors are actively looking for ways to gain access to collaboration and communication tools, like Zoom,” Maor wrote. There’s been a “stark increase in chatter” on dark web forums of video conferencing and collaboration vulnerabilities, he said.

Zoom Security: 10 Steps to Take

ZDNet has posted 10 recommendations to maintain the security of Zoom meetings:

1. Password protect your meetings.
Passwords can be set at the individual meeting, user, group, or account level for all sessions. All participants require the password to join the meeting.

2. Authenticate users.
When creating a new event, allow only signed-in users to participate.

3. Don't join before host.
Do not allow others to join a meeting before the host has arrived.

4. Lock down your meeting.
Lock the meeting once every expected participant has arrived. This will prevent others from joining even if meeting IDs or access details have been leaked.

5. Turn off participant screen sharing.
No one wants to see offensive material shared by a Zoom bomber. Disable the ability for meeting attendees to share their screens.

6. Use a randomly generated ID.
Choose a randomly generated ID for meetings when creating a new event. Attackers that know your personal meeting ID could disrupt online sessions.

7. Use waiting rooms.
The waiting room feature is a way to screen participants before they are allowed to enter a meeting. While legitimately useful for purposes including interviews or virtual office hours, this also gives hosts greater control over session security.

8. Avoid file sharing.
Share material using a trusted service such as Box or Google Drive instead of the file-sharing feature of Zoom meetings.

9. Remove nuisance attendees.
If someone is disrupting a meeting, you can kick them out under the "Participants" tab.

10. Check for updates.
As security issues crop up and patches are deployed or functions are disabled, make sure you have the latest build.
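
An added example, not from ZDNet, Zoom or the original article: a short Python audit that checks scheduled-meeting settings against the pre-meeting steps above (1, 2, 3, 5, 6, 7 and 8) and classifies what a person holding only a leaked meeting ID could do. The field names and sample meetings are constructed for illustration and are not Zoom's API; treating a password as blocking assumes the leak contained the meeting ID alone.

```python
from dataclasses import dataclass

@dataclass
class Meeting:
    # Hypothetical export schema for illustration; these are not Zoom API fields.
    topic: str
    password_set: bool
    signed_in_only: bool
    join_before_host: bool
    participant_screen_share: bool
    uses_personal_id: bool
    waiting_room: bool
    in_meeting_file_transfer: bool

# (step number in the list above, test that is True on a violation, finding text)
CHECKS = [
    (1, lambda m: not m.password_set, "no meeting password"),
    (2, lambda m: not m.signed_in_only, "anonymous participants allowed"),
    (3, lambda m: m.join_before_host, "participants can join before the host"),
    (5, lambda m: m.participant_screen_share, "participants can share screens"),
    (6, lambda m: m.uses_personal_id, "personal meeting ID reused"),
    (7, lambda m: not m.waiting_room, "no waiting room"),
    (8, lambda m: m.in_meeting_file_transfer, "in-meeting file sharing enabled"),
]

def findings(m):
    """Return the (step, text) pairs for every recommendation the meeting misses."""
    return [(step, text) for step, violated, text in CHECKS if violated(m)]

def leaked_id_exposure(m):
    """Classify what someone holding only the meeting ID can do."""
    if m.password_set:
        return "blocked"            # the ID alone is not enough to join
    if m.waiting_room:
        return "screened"           # held until the host admits them
    # Signing in only removes anonymity; any account holder can still join.
    return "open-unattended" if m.join_before_host else "open"

def audit(meetings):
    """Map each topic to its exposure level and the list of missed steps."""
    return {m.topic: (leaked_id_exposure(m), [s for s, _ in findings(m)])
            for m in meetings}

# Constructed sample meetings, not real data.
SAMPLE = [
    Meeting("all-hands", False, False, True, True, True, False, True),
    Meeting("office-hours", False, True, False, False, False, True, False),
    Meeting("board", True, True, False, False, False, True, False),
]

if __name__ == "__main__":
    for topic, (exposure, steps) in audit(SAMPLE).items():
        print(f"{topic}: exposure={exposure}, missed steps={steps}")
```

Steps 4 and 9 are actions a host takes during a meeting and step 10 concerns the client build, so none of the three appears in a settings audit.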

Zoom: Victim of Its Success?

While there’s no defending Zoom for putting users at a security risk, there’s also no question that its meteoric, dizzying rise from a little-known enterprise application to a mass appeal platform caught the company by surprise and brought with it serious stumbles and bumbles. So far this year, Zoom has added 2.2 million monthly active users, more than the 2 million it added in all of 2019.

Zoom chief executive Eric Yuan has admitted several times that the company was caught flat-footed by a flood of teleworking users from the coronavirus pandemic and that it got wrapped up in its growth and failed to attend to serious security issues, notably "Zoombombing" that allows an intruder to crash and disrupt a meeting. “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home,” he said in a recent blog post.

In response to the heavy criticism leveled its way, Zoom last week said it has created a new security panel and advisory board and hired former Facebook chief security officer Alex Stamos as an outside advisor. Zoom officials said establishing the CISO (chief information security officer) council is part of its three-month plan to “better identify, address, and fix issues proactively and improve the safety, privacy, and security of its software platform.”

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.