This coronavirus pandemic has put the Zoom brand on everyone’s mind recently as the most preferred software for communications worldwide for virtual classes and remote working communication. It is no secret why Zoom’s stock price has more than doubled in 2020 alone, but the apps weak software encryption has also caused prominent companies and organisations to ban the use of the software amongst their employees, such as the New York City Department of Education and SpaceX.
The biggest scandal of the year caused by Zoom happened after hackers were found to be accessing active video calls where they would interrupt sessions to show nudity or simply cause mayhem with profanity. Due to this, Zoom Video Communications Inc. was sued over the flaws in their encryption that allowed these trolls to disrupt web meetings.
The Second Scandal
As if trolls interrupting user’s calls was not enough, Zoom has now come under fire once again after hackers put over half a million Zoom login details on the dark web (the internet badlands). In order to retrieve this information from the dark web, the cyber risk intelligence platform Cyble purchased them via anonymous messaging through Telegram.
The logins were being sold for as low as A$0.180 each. Once the breach was discovered Cyble quickly jumped in to negotiate with what the Boston Globe reports as “a Russian-speaking person on the Telegram messaging service.”
To address this mishap, Zoom revealed that they had hired several intelligence firms that would aid in the search to find out what tools were used to create the password dumps and to eliminate this as a future possibility happening to other users.
Since the discovery of the sale of Zoom account login information on the dark web, Zoom has been able to shut down thousands of websites that served the purpose of providing download files to access the software. These files worked as bundles, which gave users an older copy of the software with malware files installed that allowed hackers to gain remote access to the user’s devices.
Although Zoom declined to give out specific information about how users’ information was leaked, a spokesperson for the company sent out a message by email to reassure users worldwide –
“We continue to investigate, and are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts,”
So, what could be done with someone’s Zoom login details? By using the stolen data, one could easily access someone’s personal meeting room and invite others to join.Through this, not only would a hacker be violating the use of personal information, but they could also take advantage of the user’s contacts to pass malware on to them.
With over 200 million daily users, it is no secret that Zoom users have to take extra precaution with their login details and never reuse passwords that would compromise the integrity of any of their accounts.