Security research firm Cyble has reported a discovery of over 500,000 Zoom accounts, including login and password information, being sold on the dark web and in hacker forums.
BleepingComputer reports that these accounts are being sold for as little as a penny apiece, and in some cases are given away for free. “Some of these Zoom accounts are offered for free on hacker forums so that hackers can use them in zoom-bombing pranks and malicious activities,” writes Lawrence Abrams.
The article goes on to suggest that user account information was cultivated through past vulnerabilities in Zoom, whether due to insecure passwords used or past data breaches where compromised account passwords were never changed.
Below is a sample of a redacted list of user account emails and passwords, including accounts from members of the University of Vermont, University of Colorado, Dartmouth, Lafayette, and the University of Florida.
Image courtesy of BleepingComputer, April 2020
BleepingComputer confirmed that a number of the listed email addresses are current active Zoom accounts and that the login credentials are indeed correct.
Change your passwords. Set it to something that can’t be easily guessed, and do not use the same password on multiple systems or sites. That is the persistent message that IT departments have been telling their users, and this time is no different.
With Zoom’s overnight stardom and the sudden wide use of Zoom for both personal and business communications, now would be an ideal time for IT departments to remind their users to change their Zoom passwords at their earliest convenience.
From Zoom’s standpoint, though this does not exploit a current vulnerability, its brand is still associated with bad press around security and its product. Zoom has started to take IT security very seriously, and it would not be unreasonable for the company to implement some measure of password complexity for its user accounts, enforce a password change across the board, or to send out communication to all Zoom users asking them to change their passwords.
Zoho Workplace – a global enterprise collaboration platform – has reported that it is now supporting 15 million users and is experiencing a surge in usage for its business applications. However, compared to Microsoft’s Office 365 and Google’s G Suite, Zoho still has a long way to go in this marketspace.
Google has announced several updates to its G-Suite offering, which aims to heavily integrate and better secure its teamwork applications. The move represents a clear attempt by Google to directly compete with Microsoft’s office productivity suite, with several of the G-Suite updates mirroring the logical architecture of Office 365.
As of July 1, 2020, over 70,000 small business users receiving their Microsoft 365 services from Navisite will now receive them from Intermedia. The move means that Navisite’s users now have access to a range of Intermedia offerings, including Unite, Contact Center, and AnyMeeting.
Zoom recently announced Zoom for Home: an all-in-one hardware and software for home users designed to enable the work-from-home user with a single home appliance for web conferencing, phone calling, and interactive whiteboard collaboration.
Thinking about choosing a new software vendor but don't know where to start? Narrow down your shortlist by focusing on software that has received an Info-Tech Research Group award. New data from SoftwareReviews shows that organizations reported higher satisfaction when they switched to software that had received an Info-Tech award.
University researchers used artificial intelligence in an experiment to determine the extent of privacy risks that come with the use of this web conferencing tool. Publicly available data scraped from social networks was cross-referenced as part of this research.
As Zoom approaches the end of its 90 day moratorium on enhancements to focus on security, the company names Jason Lee, SalesForce’s former SVP of Security Operations, as its new CISO.
Moving townhall meetings online can present a range of virtual problems – not least, which web conferencing tool to use! This note explores how Microsoft Teams can be used by governmental bodies to remotely host their townhalls and other public engagements.
Upgrading one’s videoconferencing hardware is an important long-term investment that revolves around several decision points. This note offers a process for thinking about these decision points.