Login Credentials for Over 500,000 Zoom Accounts on Sale Via the Dark Web

The seller likely obtained the Zoom login credentials by exploiting past data breaches, which contain email addresses alongside previously used passwords, according to security firm Cyble.

learn more about Michael Kan

By Michael Kan

Rafael Henrique/Getty Images via PC Mag

This story originally appeared on PCMag

You might want to place a strong password on your Zoom account. Otherwise, it could end up for sale on the dark web.

Security firm Cyble says thousands of breached Zoom accounts have been circulating in underground hacker forums since April 1. The company told BleepingComputer it purchased access to 530,000 Zoom login credentials for a mere $0.0020 per account.

In return, the seller gave Cyble access to account holders' email addresses, passwords, personal meeting URLs, and their host keys, which can be used to claim "host controls" for a Zoom meeting.

The seller likely obtained the Zoom login credentials by exploiting past data breaches, which contain email addresses alongside previously used passwords. With the aid of automated software tools, a hacker can plug in thousands of potential logins into an internet service to find out the right combinations to break into someone's user account.

Other services including Amazon, Netflix, and Disney+ are also regularly targeted with automated account hijacking attacks. So it's strongly recommended you use hard-to-guess, unique passwords on your online accounts. (To help you remember the logins, consider a password manager.)

In Zoom's case, an account hijacking could be especially serious for people who use the video conferencing service for sensitive business meetings or government purposes. Accessing a Zoom account will also display all the meetings a person has scheduled on the service, with easy access to attend them. According to Cyble, the accounts it bought from the dark web seller appear to be connected to well-known companies such as Chase, Citibank, and educational institutions.

"The data was shared with us privately via an App (Telegram) with a Russian-speaking actor," Cyble CEO Beenu Arora told PCMag. "At this point, we have just tested some samples, and a good portion of the samples seem valid."

He expects hackers to continue to target Zoom, given its sudden popularity as a video conferencing option for government agencies, businesses, and consumers.

In response, Zoom says it's working to crack down on the hacking activities. "We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials," the company told PCMag. "We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts."

To change your password, you'll need to log into Zoom's website, and go to your account. Under the profile tab and at the section "Sign-In Password," you can edit your login credential. Unfortunately, Zoom doesn't appear to offer two-factor authentication for free basic users.

Michael Kan


Michael has been a PCMag reporter since October 2017. He previously covered tech news in China from 2010 to 2015, before moving to San Francisco to write about cybersecurity.

Related Topics

Editor's Pick

This 61-Year-Old Grandma Who Made $35,000 in the Medical Field Now Earns 7 Figures in Retirement
A 'Quiet Promotion' Will Cost You a Lot — Use This Expert's 4-Step Strategy to Avoid It
3 Red Flags on Your LinkedIn Profile That Scare Clients Away
'Everyone Is Freaking Out.' What's Going On With Silicon Valley Bank? Federal Government Takes Control.

How to Detect a Liar in Seconds Using Nonverbal Communication

There are many ways to understand if someone is not honest with you. The following signs do not even require words and are all nonverbal queues.


How to Get High Quality Leads From LinkedIn At No Cost

Struggling to figure out how to get top-quality leads through LinkedIn? Keep reading to learn the best LinkedIn lead generation practices that work and the common mistakes you must avoid.


After Early Rejection From Publishers, This Author Self-Published Her Book and Sold More Than 500,000 Copies. Here's How She Did It.

Author Karen Inglis breaks down the strategies and tactics you need to generate awareness and sales for your self-published book.

Thought Leaders

What Walt Disney, Thomas Edison and Dr. Seuss Can Teach You About Entrepreneurial Longevity

Uncover the secrets of three of the most experienced entrepreneurs in history and create your lasting legacy.