What we can learn from the Zoom security breach
Over the recent weeks of lockdown, many of us have undoubtedly found ourselves taking part in video chats with our families, loved ones, and coworkers. So, it may have come as a shock to read this week that Zoom, a now very popular video conferencing platform, has suffered a security breach.
It’s worth noting that Zoom itself didn’t suffer the breach, instead the 500,000 Zoom user credentials that are currently for sale on the Dark Web were gathered by Credential Surfing. Credential Surfing is essentially using login details from one website to gain access to another one and is a very effective way for cybercriminals to wreak havoc with your personal information. In many cases this has meant that hackers have broken into meetings and have disrupted them with adult and racist content, whilst at
the same time capturing personal information.
The breach, which has seen half a million sets of logins, including email addresses, passwords, and personal meeting URLs, is a telling lesson that we should always make sure that we maintain good password and login management.
Despite some high-profile organisations taking precautions to stop using Zoom and, while in the current crisis services like Zoom will be targeted, it’s still safe to use video conferencing programmes if you follow some simple security measures.
Create a burner email
One of the easiest ways to ensure that your other online accounts, such as internet banking, remain safe is to set up a sacrificial or burner email account. Something random using a platform such as Gmail, Hotmail or Yahoo, will mitigate the risk of your personal email address being hacked or sold.
Change your passwords
If you have the same password for every website login, you really need to change it. Imagine the consequences of someone getting hold of your Facebook or Zoom login and automatically having access to your online banking. Each password is a key that unlocks a door. Take a second to think about how many front door keys you would leave lying around and then consider if you are doing the same thing online.
Check to see if your details are already on the Dark Web
Once your details are on the Dark Web, they stay there as there is no way to clean up databases on that part of the internet. So, it makes sense to check to see if your information is already being auctioned off.
If you have any concerns or worries that your information could be available on the Dark Web, please get in touch (we’re all still working, just remotely).