Sextortion hackers use 'friend's naked girlfriend' lure
A novel attempt to convince people to open malicious email attachments is spreading online, purporting to offer nude photos of a friend's girlfriend.
Email addresses and associated passwords sold for less than a penny on hacker forums.
More than 500,000 stolen passwords and account details for the video conferencing app Zoom have been discovered on the dark web.
Cyber-criminals are selling the credentials for a fraction of a penny each on hacker forums on the dark web – a hidden section of the internet that requires specialist software to access.
Researchers at online security firm Cyble first discovered the trove of data, which includes the email addresses and associated passwords of around 530,000 Zoom users.
It is believed that the account details were gathered from third-party data breaches rather than a hack on Zoom directly. Using a technique known as credential stuffing, hackers are able to link login details that are used for more than one online account in order to compromise another.
Cyber security experts responded to the dark web listings by reiterating the common-sense security practice of not using the same password across multiple websites and apps.
Despite Zoom not being directly implicated, the discovery once again raises security concerns about the video chat app, which has seen a huge surge in popularity in recent weeks as a result of coronavirus containment measures forcing people to work from home.
The company has been criticised for the way it handles users’ personal information, as well as a phenomenon known as “Zoombombing”, whereby strangers join meetings and disrupt conversations with offensive language and behaviour.
It has prompted some organisations and businesses to ban its use and prompted the FBI to issue a warning last month about making Zoom meetings public.
Zoom recently hired a former Facebook security chief Alex Stamos as an adviser and released new updates in an effort to address these issues.