Yet another scandal with the Zoom videoconference service has taken place due to poor privacy and protection of user data. It should be noted that in mid-April, about 500,000 hacked Zoom accounts were found on hacker forums. Now, another data leak has occurred.
The databases included email addresses, passwords, service meeting URLs, as well as host keys that were sold for less than a cent or even were available free of charge. Thus, the attackers tried to earn a reputation in the hacker community.
Before this, in early April, it became known about the leak of several thousand personal Zoom video calls. Leaked videos appeared in the public domain on YouTube and Vimeo.
This time, the data was leaked to Telegram, a popular messaging platform. Cyble cybersecurity experts have now been able to buy a base of 500,000 Zoom user logins for $6,000. The intermediary in the transaction was an anonymous Russian-language account in Telegram. Some of the purchased logins belonged to Cyble customers.
Previously, the cybersecurity company decided to redeem about 530 thousand accounts in bulk for 0.002 cents each. Among those accounts, there were the ones of large companies such as Chase and Citibank. According to the experts of the company, the incident again proves the lack of protection of user data in Zoom.
At the beginning of April, Zoom promised to fix detected problems with the security and privacy of conferences within 90 days, so the videoconference service is still unsafe.