As a family man and business owner, I try to look for the good in all people but as a cybersecurity expert and author, it’s sometimes hard to find that good. So when Bob Schiff, founder and CEO at Cyberlitica and colleague of mine offered to share some screen shots with me, I felt like I was slowly driving by a car wreck. As much as I wanted to avert my eyes, I couldn’t resist looking.
In the midst of the largest health pandemic in decades, you would think that cyber thieves might take a break but no such luck. Dark Web monitoring security and cyber awareness company, Cyberlitica, has uncovered stolen Zoom login credentials being shared and sold across the Dark Web. While not a shock, it is very disconcerting to see criminals take advantage of users that are probably new to the video chat platform and also probably worried about the health of loved ones.
Sure enough, the stories of over 500,000 usernames and passwords being sold cheap or even given away on the Dark Web began to appear just around this time as well. The Zoom video chat service has exploded in popularity in recent weeks growing from 10 million to over 200 million users quickly. This not only explains the large breach of user names, emails and passwords but also the timing. When a relatively focused video conferencing service like Zoom that typically caters to enterprise is suddenly adopted by millions of consumers looking to connect to family and friends around the world, you get a lot of new users that don’t typically adhere to best security practices.
Cyberlitica now offers a Dark Web password search for instant results. You can give it a try if you suspect your password is already listed somewhere on the Dark Web.
Of course hackers and cyber criminals are attracted to the surge in Zoom users which also explains the incidents of Zoom Bombing including warnings and tips from the FBI to help video chatting families avoid hate speech and pornography. The calls from news outlets searching for Zoom-centric security news has not subsided so I have appeared on CGTN America to offer more security advice; this time involving the Dark Web.
The Dark Web thrives on sales of stolen and illegal goods so login credentials are just another form of currency. The difference with digital and physical goods is that digital goods can be copied, bundled and re-sold over and over again to ensure that your private password essentially becomes public. To make matters even worse, security-deficient users tend to re-use one password across several services or platforms. So not only can hackers interrupt or even invite your friends and loved ones to illegitimate Zoom meetings, they can also breach other accounts that share your same Zoom password. I have already shared tips to stay safe during Zoom and other video chat service providers but they bear repeating here:
- Password protect all of your meetings
- Create Waiting Rooms for attendees
- Require host to be present before meeting starts
- Lock a meeting once it starts
- Screen share watermarks – puts part of your email on the shared screen
- Require Audio signatures – embeds each meeting participant’s credentials into their audio track
- Enable/disable a participant or all participants to record
- Temporary pause screen-sharing when a new window is opened
- Only allow individuals with a given e-mail domain to join
- Secure your meetings with end-to-end encryption