Stolen Zoom passwords and meeting IDs are already being shared on the dark web

As Zoomconfronts numerous security issues amid a spike in use of the service during the coronavirus pandemic, yet another problem for the video conferencing platform has entered the stage, thanks to the dark web.

Cybersecurity firm Sixgill recently discovered a collection of 352 Zoom accounts that had been compromised. The accounts were shared by a user on a popular dark web forum; information included each account’s connected email address, password, meeting ID, host key, and host name.

A screenshot of the original post sharing stolen Zoom credentials on a popular dark web forum. Credit: sixgill

The stolen credentials were even labeled by type of Zoom account, meaning some of the stolen information included users paying for a higher-tier service plan.

“In comments on this post, several actors thanked him for the post, and one revealed intentions to troll the meetings,” said Dov Lerner, security research lead at Sixgill, in a statement provided to Mashable.

But online trolling isn't the only thing people could do with the information shared from these Zoom accounts.

“The accounts could certainly be used to troll the owner of the account or those who are joining the owner's calls, but these credentials could also be used for corporate or personal eavesdropping, identity theft, and other nefarious actions,” Lerner explained. “There's a number of ways a malicious actor could use these stolen accounts.”

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

This is especially concerning when looking at who the accounts belong to. According to Sixgill, while its researchers found that most of the 352 accounts were personal, some belonged to educational institutions and small businesses. One of the accounts was that of a major U.S. healthcare provider.

So, what is the "dark web" where these accounts were posted? In the simplest terms, the dark web encompasses websites, forums, and other online destinations that require a special web browser called Tor to access. You cannot visit these sites by just typing a URL into Google Chrome or Firefox. They aren’t visible to search engines — the dark isn’t discoverable when searching for them on Google.

Users on the dark web forum where the Zoom accounts were posted were thrilled to see the stolen information. Credit: sixgill

The collection was found by Sixgill on April 1, as criticism was being leveled at Zoom for its securityand privacy practices. While the video teleconferencing company has blown up in popularity during the coronavirus pandemic, the newfound success has also brought to light issues with the service.

Security experts have noted how the service can be used by employers to effectively spyon their employees at home. The application was discovered to be unnecessarily providing user datato Facebook, as well as mining LinkedIn to unmaskanonymous users without their knowledge. A bug was uncoveredthat allowed hackers to steal your Windows passwords through Zoom.

Security issues became so prevalent that a new colloquialism, “Zoom-bombing,” was coined to specifically define the act of finding a meeting ID and crashing a Zoom teleconference. The accounts discovered by Sixgill included meeting IDs, which means all those users could be targeted by this act specifically.

Things became so bad that last week, Zoom’s CEO Eric Yuan apologized for the issues and announcedthe company was going to focus on fixing its security and privacy bugs over the next 90 days.

One thing Zoom should work on in these coming months: figuring out how a malicious actor got their hands on account credentials belonging to 352 of its users.