By Legal Futures’ Associate Hayes Connor Solicitors
The video conferencing app Zoom has suffered a significant data breach with a reported half a million users’ credentials being sold, or given away, on the dark web as cybercriminals take advantage of a surge in its use.
Email addresses, passwords, meeting URLs and host keys were found for sale on forums on the dark web for less than a penny each as hackers utilised a technique known as credential stuffing to obtain the details.
Kingsley Hayes, managing director at data breach and cybercrime specialist Hayes Connor Solicitors, said: “Zoom has become one of the video conferencing apps of choice during the pandemic as businesses, and individuals alike, try to maintain continuity and connection.
“This serious breach was not a direct hack on Zoom but instead, a result of credential stuffing. This is where cybercriminals take private information that has already been breached elsewhere and use the same information to access different services – in this case, Zoom.
“The stolen details included meeting host keys which would allow an intruder to join a meeting uninvited. For law firms using Zoom for meetings with colleagues, clients or Counsel, the ramifications could prove a costly disaster.
“The software is free and has become widely used during the lockdown with social media awash with screenshots of both professional and personal Zoom meetings in recent weeks.
“The ease of accessibility has made Zoom the tool of choice during the crisis but hackers have simply taken advantage of the fact that users have a habit of reusing the same login details across multiple platforms.
“While several public and private sector organisations have now banned the use of Zoom following the security breach, businesses should ensure that all employees are adequately trained and supported with robust cybersecurity in place.
“Simple measures like making staff aware of the importance of using unique login credentials on different platforms can minimise the associated risks of homeworking and greater reliance on technology.”
For more information about Hayes Connor Solicitors, visit the website at www.hayesconnor.co.uk