In these difficult times when we are all socially distancing, millions have taken to platforms like Zoom to stay in touch with loved ones. But as we have said earlier, criminals, especially those in cyber space have not been slow to recognize an opportunity.
In a recent report of Forbes, Lee Matthews reported on the risk reporting that The cyber risk assessment experts at Cyble recently discovered a hacker selling stolen Zoom credentials at dirt-cheap prices — and in some cases giving them away for free.
Cheap as chips
Matthews says that Cyble purchased more than 530,000 on an underground hacking forum for next to nothing. Several of the company’s clients were among the stolen credentials, which also included personal meeting URLs and Zoom host keys. Cyble reached out and confirmed that the credentials were indeed valid.
Password peril
Bleeping Computer also got in touch with some of the compromised account owners and were told that the passwords were correct. In at least one case, however, the password listed was one that the user had long since changed.
It’s likely that most — if not all — of the half-million-plus passwords on offer are old. They might be new to the Zoom accounts in question but may well have been used elsewhere by the same individuals.
Password re-use remains a huge security issue for the general public. Fatigued users feel like they can’t remember yet another password so they set up new accounts using an old stand-by.
The problem is that by now all of those old stand-by passwords have been filed away in databases by criminal hackers. They’re actively using them to break into accounts using brute force attacks.
Billions over the past several years have exposed usernames, email addresses, and passwords. Creating a new account on Zoom — or any service, for that matter — is simply not a good idea.
Hackers will come knocking. It’s not a question of if. It’s a question of when, Matthews warns.
To keep your own account from falling victim to a brute force attacks use unique, strong passwords. Passwords so strong you can’t even remember them.
If you think your may have been targeted then contact us now at Wilsons Detectives in collaboration with Aubrey and Lloyds. For us this crisis is still ‘business as usual’ and we would urge you to take action immediately, waiting for the end of the crisis might be leaving it too late. Contact us now at wilsonslondon@outlook.co