As the world shifted to using video conferencing tools during the pandemic, the widely-used Zoom platform came under fire for multiple security issues.
One of these concerns is that 500,000 Zoom account credentials recently became available on the dark web. This account information was not stolen from Zoom. Instead, the bad guys got their hands on credentials stolen from other sites and then tried those username/password pairs on Zoom (a technique called “credential stuffing”). Before long, they had half a million that worked, which is a perfect example of why one should never reuse the same username and password for different accounts.

So what does this incident mean to you? Please see the following considerations:
  • What information was compromised?
    • Email addresses, passwords, and meeting links/keys.
  • How do I protect myself from this sort of attack?
    • As mentioned, do not reuse the same email addresses/passwords on multiple accounts. You especially do not want to use your company email address and password on external accounts. Otherwise, you could put your company at risk.
    • Use a password manager such as Dashlane. It is impossible to keep up with all of the accounts and passwords that we have nowadays, but a password manager makes it easy and helps you avoid reusing passwords.
    • Use complex passwords (sufficient length, mixed characters, etc.).
    • Utilize two-factor authentication wherever possible.
  • How do I secure my Zoom environment?
    • Do not publicly share your Zoom links.
    • Use a meeting password.