Zoom accounts became a victim of cyberattack.
Over 500,000 Zoom accounts are being sold on the dark web.
These credentials were gathered through credential stuffing attacks where threat actors attempt to log in to Zoom using accounts leaked in older data breaches.
The purchased accounts include a victim's email address, password, personal meeting URL, and their HostKey.
TPRM report: https://www.rankiteo.com/company/zoom-video-communications
"id": "zoo1259291222",
"linkid": "zoom-video-communications",
"type": "Data Leak",
"date": "6/2017",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 500000,
'industry': 'Technology',
'name': 'Zoom',
'type': 'Company'}],
'attack_vector': 'Credential Stuffing',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 500000,
'personally_identifiable_information': True,
'type_of_data_compromised': ['Email address',
'Password',
'Personal meeting URL',
'HostKey']},
'description': 'Zoom accounts became a victim of cyberattack. Over 500,000 '
'Zoom accounts are being sold on the dark web. These '
'credentials were gathered through credential stuffing attacks '
'where threat actors attempt to log in to Zoom using accounts '
'leaked in older data breaches. The purchased accounts include '
"a victim's email address, password, personal meeting URL, and "
'their HostKey.',
'impact': {'data_compromised': ['Email address',
'Password',
'Personal meeting URL',
'HostKey']},
'initial_access_broker': {'data_sold_on_dark_web': True},
'motivation': 'Financial gain by selling accounts on the dark web',
'post_incident_analysis': {'root_causes': 'Reused credentials from older data '
'breaches'},
'title': 'Zoom Accounts Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Reused credentials from older data breaches'}