Cybercriminals zoom in to exploit lockdown opportunities
Video conferencing app Zoom is at the centre of a significant data breach. Reports state that a privacy violation has resulted in half a million users' credentials being sold or given away on the dark web, as cybercriminals take advantage of a surge in the apps use.
Following the Zoom data breach, email addresses, passwords, meeting URLs and host keys were found for sale on forums on the dark web. A hidden section of the internet, the dark web allows users to remain anonymous and untraceable. And, if Zoom user data has been put up for sale, that is extremely worrying. Not least because, in our experience, cyber-criminals can do extensive damage with this data.
What happened in the Zoom data breach?
User information is reportedly selling for less than a penny each as hackers used a technique known as credential stuffing to obtain the details. Credential stuffing is where cybercriminals take private information that has already been breached elsewhere and use this data to access different services - in this case, Zoom.
So, the breach was not a direct hack on Zoom. Instead, criminals used stolen data to access Zoom accounts. This could have serious ramifications as it means that intruders could use host keys to join a meeting uninvited. With businesses across the world, and even the UK cabinet, using Zoom to collaborate during the coronavirus pandemic, it's not difficult to understand why this breach is so concerning.
What do the data protection experts think?
Talking about the Zoom data breach, our MD and cybercrime specialist, Kingsley Hayes, said:
"Zoom has become one of the video conferencing apps of choice during the pandemic as businesses, and individuals alike, try to maintain continuity and connection. But, for businesses using Zoom for meetings with colleagues, or to share sensitive information, the ramifications could prove a costly disaster.
"The software is free and has become widely used during the lockdown with social media awash with screenshots of both professional and personal Zoom meetings in recent weeks.
"The ease of accessibility has made Zoom the tool of choice during the crisis, but hackers have simply taken advantage of the fact that users have a habit of reusing the same login details across multiple platforms.
"While several public and private sector organisations have now banned the use of Zoom following the security breach, businesses should ensure that all employees are adequately trained and supported with robust cybersecurity in place.
"Simple measures like making staff aware of the importance of using unique login credentials on different platforms can minimise the associated risks of homeworking and greater reliance on technology."
Your personal information is at risk during the coronavirus pandemic
Hayes Connor has previously raised concerns about a potential increase in data breaches during the coronavirus pandemic. Primarily, our expert data breach solicitors believe that personal information is at risk in four different ways.
- An increase in phishing emails and coronavirus scams. Find out more about this, and how to protect yourself from coronavirus scams here
- An increase in app use as people use new, untested technology in an effort to contain, tackle and manage the disease
- An increase in human error at a time when people are worried and confused. However, while stress and nervousness might explain why someone might make an error, there is no excuse for organisations that do not have robust data security processes in place to prevent such breaches from happening in the first place
- An increase in data breaches due to remote and homeworking.
The zoom data breach falls into at least three of these categories (and possibly four if we take a failure to use proper password management into account).
What to do if you are affected by a data breach
To find out more about how we might be able to help following a data hack, victims can register with Hayes Connor Solicitors using our handy form. Alternatively, you can contact us on 0151 363 5895*.