< Back to Searchlight Blog

Thousands of hacked Zoom accounts for sale online

Published on 27 Apr 2020 by Illy

Zoom is a video conferencing service that has raised to prominence throughout the start of this year. However, due to various security and confidentiality concerns, the service has faced backlash.

Zoom is a video conferencing service that has raised to prominence throughout the start of this year. However, due to various security and confidentiality concerns, the service has faced backlash. The situation does not seem to be improving for the California based company as thousands of users have had their Zoom accounts sold and traded on various Clearnet and Darknet forums.

Searchlight Security has identified one post on a hacking forum where on the 1st of April a user posted a configuration file [1] for the web based pen-testing suite OpenBullet. This configuration file was for the Zoom login service, allowing users to easily check thousands of known credentials gained from other websites. One user thanked the poster before hours later posting a file containing hundreds of credentials they claimed were to logins to Zoom accounts [2]. These credentials also contained information such as the users full name, meeting ID and host Key which allows the user to take control of calls.

alt text

References: [1] https://www.nulled.to/topic/1049402-openbullet-zoomus-config-5k-cpm-capture-meeting-url-host-key-name-meeting-id-account-type/?hl=zoom.
[2] https://yandexwebcache.net/yandbtm?lang=en&fmode=inject&tm=1586953838&tld=ru&la=1586512256&text=x%20Zoom%20Accounts%20with%20Capture%20%3A%20Meeting%20Id%2FURL%2CHostype&url=https%3A%2F%2Fwww.nulled.to%2Ftopic%2F1049984-x352-zoom-accounts-with-capture-mee.

Try our Darknet Intelligence/Forensics tool for free, contact enquiries@slcyber.io


Latest News from Searchlight

20 May 2020

Europa market allegedly seized

The darknet market Europa, which offered a place of haven for users looking to buy drugs and weapons, including firearms, has become inaccessible. It is unclear as to whether the market was seized by authorities or if the seizure notice is just a ploy by the site admins in an attempt to avoid blame from its customers during an exit scam.

Read more...

19 May 2020

9 Million EasyJet customers details accessed in cyber attack.

Budget airliner EasyJet has released a statement notifying its customers that the email addresses and travel details of around 9 million user accounts were compromised in what it calls a “highly sophisticated attack", back in as early as January of this year.

Read more...

18 May 2020

Hackers claim to have "dirty laundry" on US President Donald Trump alongside many celebrities in law firm breach

One of the worlds largest entertainment lawyers who allegedly also worked for President Trump has been the victim of ransomware, with hackers threatening to sell off the acquired data to the highest bidder on the darknet.

Read more...

13 May 2020

Hacker sells millions of recently breached accounts on the darknet.

Unacademy, a service that claims to be “India’s largest learning platform” has reportedly had a data breach, with 28 million user accounts for sale on a darknet market.

Read more...