With offices worldwide closed due to coronavirus lockdowns, freelancers have become increasingly reliant on videoconferencing platforms to continue communicating with, and providing their services to, their clients.
Zoom, one of the most popular platforms, which offers conferences with a limit of up to one hundred participants for forty minutes for free, was recently revealed by cybersecurity experts Cyble to have had over half a million accounts compromised, including personal meeting URLs and host keys. The accounts were freely available for purchase on the dark web for around $0.0020 each.
The accounts were not necessarily hacked: many logins were obtained using “credential stuffing”, whereby hackers use credentials already obtained in previous data breaches to gain access to other services, because many people tend to use the same username and password combination across multiple services.
The accounts purchased by Cyble included ones belonging to well-known companies such as Chase and Citibank, educational institutions, and more.
Cyble and Bleeping Computer reached out to some of the account owners and confirmed that the logins were valid. In at least one case, however, the password listed was one that the user had changed some time ago.
Lee Mathews of Forbes said: “The problem is that by now all of those old stand-by passwords have been filed away in databases by criminal hackers. They’re actively using them to break into accounts using brute force attacks.
“Usernames, email addresses, and passwords have been exposed by the billions over the past several years. Creating a new account on Zoom — or any service, for that matter — is simply not a good idea.
“Hackers will come knocking. It’s not a question of if. It’s a question of when.
“To keep your own account from falling victim to a brute force attack, use unique, strong passwords. Passwords so strong you can’t even remember them.
“You won’t have to, though, if you install a good password management app. 1Password, DashLane, and LastPass. If you set up a Zoom account using one of your old passwords, install one of these apps now and then go reset it to something much more secure.”
Contractors using Zoom may wish to use such a password management solution, or explore alternative platforms, especially if the contents of virtual meetings are sensitive or confidential. We have compiled a list of alternative videoconferencing platforms for your convenience:
- Google Hangouts Meet
- Blizz by TeamViewer
- Cisco Webex Meetings
- Zoho Meetings
- Jitsi Meet
- Hibox
- Discord
15th April 2020.