Since the implementation of containment measures in schools and businesses in countries affected by the coronavirus, the number of users of Zoom has increased dramatically, from 10 million per day last December to 200 million in March 2020. But it seems that the platform has been a victim of its success. Indeed, Zoom is increasingly the subject of criticism on aspects of its security and the violation of the privacy of its users. The latest is that hundreds of thousands of accounts have been sold off on the dark web and hacker forums and other credentials are even distributed free of charge. This information includes the victim’s email address, password, link to the personal meeting number, and the host key.
The information was revealed by cybersecurity firm Cyble, which bought 530,000 accounts for just under 1,000 euros. Accounts offered for free on hacker forums would allow criminals to use them in various malicious activities. These identifiers were collected using the “credential stuffing” technique, which uses information from accounts of other sites, previously stolen, to connect to Zoom.
The company has also announced new measures to enhance the security of the platform. “The Zoom team has worked hard to provide additional features that make your Zoom meetings and webinars even more secure. This weekend’s version included additional password protections, one of the best options for securing your meetings and webinars, “she said.
Here is the list of new measures:
- Password requirements: For meetings and webinars, account owners and administrators can now configure the minimum meeting password requirements to adjust the minimum length and require letters, numbers and special characters, or allow only numeric passwords
- Random Meeting IDs: Unique Random Meeting IDs for newly scheduled meetings and webinars will be 11 digits instead of 9
- Cloud recordings: Password protection for shared cloud recordings is now enabled by default for all accounts. We have also improved the complexity of passwords on your cloud recordings. Existing shared records are not affected
- File sharing with third parties: You can again use third-party platforms, such as Box, Dropbox, and OneDrive, to share files on the Zoom platform. We have temporarily disabled this feature and restored it after a full process security review
- Preview Chat Messages: Zoom Chat users can hide the message preview for chat notifications on the desktop. If this function is deactivated, you will simply be notified that you have a new message without displaying the content of the message.
In addition, despite the fact that platforms such as Zoom are increasing security measures, hackers will still be able to obtain identification information through credential stuffing, if users use the same combinations of passwords and identifiers.
Source : Zoom