According to a Forbes report, experts at cyber risk assessment platform Cyble discovered a hacker giving away Zoom credentials for free.
“Cyble purchased more than 530,000 on an underground hacking forum for next to nothing. Several of the company’s clients were among the stolen credentials, which also included personal meeting URLs and Zoom host keys,” the report said on Monday.
Cyble confirmed that the credentials were indeed valid.
Bleeping Computer also got in touch with some of the compromised account owners and were told that the passwords were correct.
“In at least one case, however, the password listed was one that the user had long since changed,” the report mentioned.
The video meet app has gained immense popularity among the enterprises, SMBs and schools in India and elsewhere to connect remotely in social distancing times making it a treasure trove for the hackers.
One hacker interviewed by Motherboard who claims to have traded exploits found in Zoom on the black market said that Zoom flaws typically sell for between $5,000 to $30,000.
The vulnerabilities – everything from webcam or microphone security to sensitive data like passwords, emails, or device information – are being sold on the Dark Web.
Other issues that have affected its credibility is data-sharing with Facebook, exposed LinkedIn profiles, and a “malware-like” installer for macOS.
Zoom Video Communications has also been sued by one of its shareholders who alleged that the company kept some of its security flaws hidden.