After the significant data breaches in Nepal, popular video conferencing, chatting app Zoom has suffered a significant data breach of more than 5 lakh users worldwide containing victim’s e-mail address, password, personal meeting URL, and their Hostkey.
Over 5 lakh users data are sold on hackers forum on the dark web for less than a dollar, and some of the user’s data are given for free.
The leaked user’s data can be misused by hackers for spamming, advertisement, using bots to log in various sites.
The user’s information was gathered using a credential stuffing attack. It’s a cyber-attack where the hackers use old compromised E-mails and use bots to log in to the website, and the matched data are sorted out. In this case, the hackers filtered out the credentials which successfully logged in on Zoom and dumped the data via the dark web.
According to Bleeping computer zoom accounts were being posted in the hacker forum since 1st April 2020. However, 290 users were called randomly and queried whether the data is legit or not, and some user’s passwords were the old ones. So, it is likely to be sure that most credentials are old ones, but Cybersecurity intelligence firm Cyble has confirmed that the data breach is valid.
According to Cyble, the data breach includes mostly users from Well known companies, educational institutes like Citibank, chase. Till now, Zoom has not yet officially confirmed the incident.
Video conferencing app Zoom was accused of misusing users’ data, and there was a rumor that Zoom user’s data is being leaked, which came out to be true. Users have previously reported that trolls, porns, and disturbing images were appearing in the middle of the conference.
If you are using the Zoom app, you might probably be thinking whether your data is exposed or not. You can site like Have I been pawned to check whether your information is compromised or safe. Zoom users can change the password for their safeguard.
To be concluded, data breach incidents are entirely on the run in Nepal, the data dump of Zoom users has added fuel in the fire in the current scenario. Maybe more data breach incidents are yet to draw closer to Nepal. Let’s be safe from unauthorized and unverified apps and prevent our digital identity.