The dataset was purchased by cybersecurity firm Cyble -- which reportedly started seeing Zoom account information posted on the dark web as early as April 1 -- in order to inform customers of potential breaches, BleepingComputer reported.
According to the tech news website, the personal information was taken by hackers who used “credential stuffing.” In this tactic, attackers take account credentials that were leaked in previous data breaches and use them to try to log in to Zoom.
“The successful logins are then compiled into lists that are sold to other hackers,” BleepingComputer reported.
Some of the hacked Zoom accounts were given out for free on hacker forums, while others were sold for less than a penny per account, according to the website.
Many of the email addresses that were listed in the Cyble purchase “had been part of previous data breaches,” NBC News reported.
"It is common for web services that serve consumers to be targeted by this type of activity, which typically involves bad actors testing large numbers of already compromised credentials from other platforms to see if users have reused them elsewhere," a spokesperson for Zoom told FOX Business in an emailed statement. "This kind of attack generally does not affect our large enterprise customers that use their own single sign-on systems."
"We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials," the spokesperson added. "We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts.”
Earlier this week, the company was sued alongside Facebook and LinkedIn because the two social media sites reportedly recorded Zoom users’ calls to obtain personal information, according to the court papers.
Zoom was also sued by one of its shareholders last week because the company reportedly overstated its privacy standards and did not “disclose that its service was not end-to-end encrypted,” Reuters reported at the time.