Thousands of hacked Zoom accounts for sale online

Published on 27 Apr 2020 by Illy

Zoom is a video conferencing service that has risen to prominence since the start of this year. However, due to various security and confidentiality concerns, the service has faced backlash. The situation does not seem to be improving for the California-based company, as thousands of users have had their Zoom accounts sold and traded on various Clearnet and Darknet forums.

Searchlight Security has identified one post on a hacking forum where, on the 1st of April, a user posted a configuration file [1] for the web-based pen-testing suite OpenBullet. This configuration file was for the Zoom login service, allowing users to easily check thousands of known credentials gained from other websites against it. One user thanked the poster and, hours later, posted a file containing hundreds of credentials they claimed were logins to Zoom accounts [2]. These credentials were accompanied by information such as the user's full name, meeting ID and host key, which allows whoever holds it to take control of calls.
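A defender's view of the credential checking described above, as an added example that is not from the original post: it flags sources that try many distinct accounts with mostly failed logins, and lists the accounts that did log in from such a source so their passwords can be reset. The event tuple format, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

T0 = datetime(2020, 4, 1, 12, 0, 0)


def build_sample_events():
    """Constructed login events: (timestamp, source_ip, username, success)."""
    events = []
    # One source walking a list of 12 different accounts, 5 s apart, one hit.
    for i in range(12):
        events.append((T0 + timedelta(seconds=5 * i), "203.0.113.7",
                       f"user{i}@example.com", i == 9))
    # A legitimate user mistyping a password three times, then succeeding.
    for i in range(4):
        events.append((T0 + timedelta(seconds=20 * i), "198.51.100.20",
                       "alice@example.com", i == 3))
    # A shared office address: many accounts, but every login succeeds.
    for i in range(12):
        events.append((T0 + timedelta(seconds=10 * i), "192.0.2.5",
                       f"staff{i}@example.com", True))
    return events


def detect_stuffing(events, window=timedelta(minutes=5),
                    min_users=10, min_fail_ratio=0.8):
    """Return {source_ip: sorted accounts that logged in during a flagged window}.

    A source is flagged when, inside the sliding window, it has tried at least
    min_users distinct accounts and at least min_fail_ratio of those attempts
    failed. A flagged source with no successful login maps to an empty list.
    """
    recent = defaultdict(deque)   # ip -> attempts still inside the window
    flagged = defaultdict(set)    # ip -> accounts needing a password reset
    for ts, ip, user, ok in sorted(events):
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > window:          # drop attempts older than window
            q.popleft()
        users = {u for _, u, _ in q}
        fails = sum(1 for _, _, s in q if not s)
        if len(users) >= min_users and fails / len(q) >= min_fail_ratio:
            flagged[ip].update(u for _, u, s in q if s)
    return {ip: sorted(accts) for ip, accts in flagged.items()}


if __name__ == "__main__":
    for ip, accounts in detect_stuffing(build_sample_events()).items():
        print(ip, "-> reset:", accounts)
```

Counting distinct accounts together with the failure ratio is what separates this pattern from a single user retrying a forgotten password or a busy shared address.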

References: [1] https://www.nulled.to/topic/1049402-openbullet-zoomus-config-5k-cpm-capture-meeting-url-host-key-name-meeting-id-account-type/?hl=zoom.
[2] https://yandexwebcache.net/yandbtm?lang=en&fmode=inject&tm=1586953838&tld=ru&la=1586512256&text=x%20Zoom%20Accounts%20with%20Capture%20%3A%20Meeting%20Id%2FURL%2CHostype&url=https%3A%2F%2Fwww.nulled.to%2Ftopic%2F1049984-x352-zoom-accounts-with-capture-mee.

