
Industry News: ESG5

      Know Your Breach: Zoom

      Apr 17, 2020 12:50:27 PM

      The target: Zoom, a popular videoconferencing service

      The take: More than 500,000 username/password combinations, along with personal meeting URLs and HostKeys for active Zoom accounts, were found for sale on the dark web.

      The attack vector: Security researchers suspect that the list was not stolen from Zoom directly, but was rather compiled through ‘password stuffing’ attacks – where e-mail/password combinations from past breaches are tried against different sites and services. Attackers take previously breached username/password combinations and cycle through login attempts using the breached credentials – the successful combinations are compiled and sold.
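From the defending service's side, the pattern described above (more commonly called credential stuffing) shows up in authentication logs as one source trying many different accounts with mostly failed logins. The sketch below is an added example, not part of the original article: the event layout, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def sample_events():
    """Constructed auth events: (timestamp, source IP, username, login succeeded)."""
    base = datetime(2020, 4, 1, 9, 0, 0)
    events = []
    # One source cycling through 30 different accounts, one attempt each.
    for i in range(30):
        ok = i in (7, 21)  # two re-used passwords happen to work
        events.append((base + timedelta(seconds=2 * i), "203.0.113.10",
                       f"user{i}@example.com", ok))
    # An ordinary user who mistypes once and then logs in.
    events.append((base + timedelta(seconds=5), "198.51.100.4", "alice@example.com", False))
    events.append((base + timedelta(seconds=20), "198.51.100.4", "alice@example.com", True))
    return events

def find_stuffing_sources(events, window=timedelta(minutes=5),
                          min_users=20, max_success_rate=0.2):
    """Flag sources that try many distinct accounts in one window with few successes.

    Returns {ip: sorted usernames that source logged into successfully}; those
    accounts are the ones to lock and force through a password reset.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))

    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            users = {u for _, u, _ in span}
            successes = sum(1 for _, _, ok in span if ok)
            if len(users) >= min_users and successes / len(span) <= max_success_rate:
                flagged[ip] = sorted({u for _, u, ok in rows if ok})
                break
    return flagged

if __name__ == "__main__":
    for ip, accounts in find_stuffing_sources(sample_events()).items():
        print(f"{ip}: likely stuffing source; accounts to reset: {accounts}")
```

Per-source counting misses campaigns spread across many addresses, so the same distinct-account and failure-ratio test is usually also run per network range or per client fingerprint.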

      This incident highlights a few key issues. For individuals, it shows the risks inherent in password re-use: it confirms that at least 500,000 active Zoom users are still re-using known compromised passwords, which attackers can use to gain control of their other accounts.

      Institutionally, it highlights reputational issues – while this particular list of credentials was not exposed directly by Zoom, attackers are using the service’s popularity to market the list, and it gives the appearance of being yet another in a string of recent security incidents the videoconferencing service has had to answer for.
