Why Are Hackers Selling Thousands Of Zoom Accounts For Less Than 1 Cent Each?

In light of the coronavirus pandemic, everyone has turned to apps like FaceTime and Zoom to hang out with friends, take classes, or work via digital means. While Zoom has become a major social platform during stay-at-home orders, hackers have taken reliance on the popular video-chatting app to breach privacy of thousands of users.

Researchers found on Monday that hackers began selling over 500,000 Zoom accounts for less than one cent per account. According to findings from the cybersecurity firm Cyble, which investigates and stops mass hacking initiatives, they company has found more than half a million Zoom accounts on hacker forums and the dark web that have been put up for grabs for low prices, as reported by BleepingComputer. Cyble, in an effort to stop the accounts from being sold online, was then able to purchase about 530,000 accounts for $0.0020 each and report on their findings.

But, how exactly are thousands of Zoom accounts being hacked so suddenly? These hackings are not a traditional kind — Zoom accounts have been obtained using “credential stuffing,” which is when hackers use previous data breaches that include leaked usernames, email addresses, or passwords to get into the accounts. Those logins are then compiled into lists that are sold to hackers.

According to BleepingComputer, cybersecurity firms began seeing free Zoom accounts posted on the dark web around April 1st, including some 290 college-related accounts. Later, when Cyble bought accounts in bulk, they said that hackers provided everything from a user's email address, password, personal meeting URL, and their HostKey to the buyer.

The suspected reason for these accounts being doled out by hackers come back to digital attacks called "zoombombing." A new form of trolling and abuse, zoombombing entails people dropping in on Zoom calls to post violent content or harass others in the chat. Recently, hackers used zoombombing in virtual synagogue chats during Passover, shouting racist slurs at women of color, and berating people attending Alcoholics Anonymous meetings. In Massachusetts, a high school teacher reported that her classroom call was accessed by an unidentified individual who yelled profanities and displayed swastika tattoos.

Tiara Moore, the founder of Women of Color (WOC) Space, told BuzzFeed that her regular meetings with other women of color were entered by unwelcome parties in early April, with what seemed like 100 people yelling racist slurs like the n-word at the same time. Beyond cybersecurity experts suggestions to change passwords for Zoom accounts if they match other related login formats, authorities are now stepping in to help prevent these ongoing vicious attacks.

In late March, when the dangers of zoombombs become more prevalent, the Federal Bureau of Investigation in Boston had to step in to offer tips on how to keep online meetings secure. "The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language," The Bureau wrote in a statement released on March 30. "As individuals continue the transition to online lessons and meetings, the FBI recommends exercising due diligence and caution in your cybersecurity efforts."

FBI recommendations include ensuring active software is installed, hosting private meetings only, and managing screen sharing options to mitigate the dangers of online harassment. The FBI has also asked people to report incidents involving zoombombings or similar incidents to its Internet Crime Complaint Center, or specific teleconference threats to authorities, who are making efforts to stop this behavior as immediately as possible.