Hackers are selling over 500,000 Zoom passwords, so switch to Discord already

Deprecated: mb_convert_encoding(): Handling HTML entities via mbstring is deprecated; use htmlspecialchars, htmlentities, or mb_encode_numericentity/mb_decode_numericentity instead in /www/knowtechie_840/public/wp-content/plugins/wpcode-premium/includes/class-wpcode-snippet-execute.php(419) : eval()'d code on line 13

Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.

Last week I suggested the best alternative to Zoom was to never use it, at least in the context of work. Regardless of the sarcasm, now there is more evidence that Zoom is a flawed platform and switching to Discord or Microsoft Teams doesn’t seem like a wholly terrible idea.

BleepingComputer is reporting that cybersecurity intelligence firm Cyble has discovered that Zoom accounts, including logins and passwords, are being posted on hacker forums. Some are being posted for free, some are being sold for fractions of a penny. To date, Cyble has tabulated there are over 500,000 available.

Cyble purchased a bulk of 530,000 Zoom credentials for less than $0.0020 per login. These logins were discovered and revealed by something called “credential stuffing attacks” in which malicious hackers use older login/password data dumps to basically guess Zoom logins. This is because people tend to use the same password and login for multiple sites, so if one was breached, chances are that login and password combo would be used in another program, like Zoom.

This breach didn’t just affect individuals, it also affected numerous companies and educational institutions. Users at colleges and banks had their emails and logins exposed. So, on a related note, your IT department would really like it if you changed your password.

So what can you do to prevent getting Zoom bombed by some racist piece of basement-dwelling trash?

Well, you can check sites like Have I Been Pwned or Am I Breached if you want to see if your email has been compromised. But these services only know what they know and they might not have a full list of breached email addresses. So considering the volume and considering that for some reason y’all won’t switch to the obvious communication platform (Discord), change your damn Zoom password.

Additionally, change how you use Zoom. Don’t just change your password, but require one when you set up a Zoom call. Use all the available security features, the best one being not to use the platform at all until it can manage to stay out of the news for a week.

What do you think? Surprised that Zoom account credentials are being sold left and right? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

• Google is telling its employees to stop using Zoom citing security reasons
• Zoom knows its app is a hot security mess – the CEO is sorry and promises fixes are on the way
• The latest thing to be delayed due to the coronavirus? New emoji
• Verizon cancels at-home technician visits amid coronavirus pandemic