We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!

Zoom has been the target of cybercriminals who are amassing stolen login credentials and trying to sell them on underground forums. This is the latest security issue to dog the videoconferencing platform, whose usage has exploded amid coronavirus lockdowns.

According to a new report from IntSights, many of the hacker forums are now trying to block sales of stolen Zoom credentials. The result has been a cat-and-mouse game as hackers find ways around the rules, according to IntSights’ chief security officer Etay Maor.

These issues also provide a glimpse into the wider security threat that has emerged as individuals and companies have had to radically reorganize their work habits in ways that challenge existing corporate security systems.

Global threat intelligence firm IntSights has been tracking the rise of fraud and scams in the wake of COVID-19. In its latest research, the company was able to acquire several databases full of Zoom credentials across a handful of underground forums.


Transform 2022

Join us at the leading event on applied AI for enterprise business and technology decision makers in-person July 19 and virtually from July 20-28.

Register Here

Those databases included Zoom usernames and passwords and appeared to be a combination of former Zoom databases that had been compromised and new personal information gained via “credential stuffing” attacks. The latter involves using an automated process to match other stolen credentials to services such as Zoom.

Credential stuffing attacks exploit the fact that people tend to use the same passwords over and over. So if someone steals your email password, there’s a good bet it can be used to access other accounts. Once cybercriminals access accounts on Zoom or elsewhere, they can then take control of them, and such hackers use various strategies to avoid raising alarm bells.

In some cases, the databases were as old as 2013, from just a couple of years after Zoom’s founding, but the company’s surge in popularity has made these much more valuable. After matching the credentials, IntSights found that hackers are putting them into new databases that offer more recent and confirmed logins and then selling them on illicit forums.

IntSights researchers reiterated that many of these forums have been trying to crack down on the practice. “This does not mean that the forum is a whitehat channel; the same forum still offers many illegal goods and services,” wrote Maor. “But as of now Zoom credentials or attacks are not welcome.”

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.