Hackers sell Zoom accounts on dark web after successful credential stuffing attacks

Another damaging news for Zoom is the discovery of more than 500, 000 Zoom accounts being sold on hacker forums and the dark web. An investigation was initiated by Cyble, a cyber security intelligence firm, after it found individuals selling Zoom accounts on hacker forums to a gain reputation in their respective community. These deviant individuals are selling hundreds of zoom accounts for free or for a fraction of a penny. The list of breached accounts includes private individuals, companies and universities like Citibank and University of Vermont, Florida and more.

With the intention of warning the exposed individuals, Cyble bought five hundred and thirty thousand Zoom credentials for a meager price of $0.0020 per account on a hacker forum and shockingly found that they were sold victim’s  Zoom account personal details like their passwords, email IDs, HostKey and Personal Meets IDs.


BleepingComputer confirmed that the shared information on hacker forums and dark web is authentic, after it confirmed the credentials from some of the exposed individuals. They also confirmed that hackers are using previously leaked passwords for new credential stuffing attacks.

Zoom user’s data was obtained by credential stuffing attacks leaked in previous data breaches. Credential stuffing attacks are several forced login attempts by hackers based on user’s account information to gain access. After successful login attempts, user details are saved and sold by miscreants for zoombombing to leave hateful, racist, sexist and abusive remarks and comments during meetings, for blackmail by stealing private and sensitive data and much worse.

In the COVID-19 pandemic, when the number of daily users on Zoom jumped from 10 million to 200 million in March, it brought forth the issue of weak security and privacy walls on the platform. Since then, news of a new breach or zoom bombing is in circulation almost every week. However, the company is working on improving security but unfortunately the damage has been done for now. A lot of companies are putting a ban on Zoom for communication, like Google. Personally, I have started to even put a tape on my webcam. It is also a good time to consider Zoom alternatives, until the company sorts out these issues.

Zoom provides a unique group screen sharing experience, however, it must work efficiently to resolve its major security issues. In the mean while, Zoom users are advised to not use repeated passwords for various sites because it makes them vulnerable to such credential stuffing attacks. Make sure to check out our guide too on how to make Zoom more secure to use.

About the Author

Addicted to social media and in love with iPhone, started blogging as a hobby. And now it's my passion for every day is a new learning experience. Hopefully, manufacturers will continue to use innovative solutions and we will keep on letting you know about them.