It was found that `` Zoom '' accounts for more than 500,000 people were bought and sold on the black market, and the price may be distributed free for less than 1 yen per account

Over 500,000 accounts of the online conferencing software Zoom,

which has many security and privacy issues, have been found to be bought and sold on hacker forums. The price is estimated to be around 0.002 dollars (about 0.2 yen) per account, and in some cases it is distributed free of charge.

Over 500,000 Zoom accounts sold on hacker forums, the dark web

This incident was reported by cyber security company Cyble . On April 1, 2020, Cyble discovers that his hacker community has a free Zoom account. According to Cyble, this kind of free distribution is done to increase fame within the community. Below is a post from the hacker community claiming free distribution of Zoom accounts.

The ID and password of the Zoom account that is being bought and sold is acquired by the

credential stuffing attack method that automatically attempts to log in to other web services using the ID and password leaked from another service. Credential stuffing can be compromised if multiple services reuse the same username and password.

The Zoom account distributed for free also had accounts related to famous American universities such as the University of Vermont, University of Colorado, Dartmouth University, Lafayette University, University of Florida.

Bleeping Computer, who reported this issue, contacted the email addresses of the free-delivered accounts and confirmed that some accounts were real. However, one user replied that 'I have changed my password', and it seems that some of the accounts that are subject to trading are unavailable.

For the sake of research, Cyble actually purchased 530,000 Zoom accounts on all hacker forums. The purchased account contained information such as email address, password, meeting URL, and host key . The list of Zoom accounts I purchased is like this. A part of it is hidden to protect personal information, but you can see that the email address, meeting URL, and host key are listed.

Based on the purchased account information, Cyble is able to check whether or not the Zoom account has been leaked by its own data leak notification / email address leak confirmation service '

AmBreached '.


To actually use AmBreached, select one of 'Email', 'Domain', 'Password', 'Dark Web Search' search). Enter the content you want to search in the search field. Click the magnifying glass icon on the right to see the spill status.

Also, the same type of personal information leak confirmation service ' Have I been pwned ' can confirm the leak of the Zoom account.

in Software,   Security, Posted by darkhorse_log