Zoom Data Breach

  • By David Lukic
  • Nov 02, 2021

Zoom has become a widely popular video conference and meeting platform over the past few years. The video conferencing giant offers free service to individuals and paid accounts for companies. The variety of plans come with different options. Although they promise top-notch security, Zoom experienced a major data breach earlier this year, affecting more than half a million users!

Zoom is no stranger to security issues. Over the past year, multiple lawsuits and investigations have haunted Zoom due to poor security practices and privacy issues. Google actually banned its employees from using Zoom due to security issues.

Online classrooms have even been “Zoom bombed” meaning hackers join the meeting illegally and post inappropriate content for all to see. Hackers also got their hands on 500,000 user account passwords in April and offered them up on the dark web for cheap money or, in some cases, for free. So how did they get their hands on all those accounts? Credential stuffing.

For those who don’t know what credential stuffing is, it’s when hackers use a database of old usernames/passwords and try them on other websites. Unfortunately, due to the fact that many people reuse passwords across multiple sites, this technique often works. These cybercriminals then created a database of the usable credentials and sold them online, exposing the data for 500,000+ Zoom users.

The usernames and passwords were not all that were included in this list. Along with them were the victim’s email address, personal meeting ID, and a 6-digit PIN used to claim hosting controls inside a meeting for that user.

Data Breach at Zoom

When Was the Zoom Data Breach?

Cybersecurity experts noticed the Zoom accounts on the dark web around April 1, 2020. The breach must have happened in the months prior as hackers worked tirelessly to harvest all the usernames and passwords, which they then sold for a penny apiece.

How to Check if Your Data Was Breached

Although Zoom has not provided any type of online tool to check to see if your data was breached in this event, you can use one of the various online tools like HaveIBeenPwned and AmIBreached to check to see if your usernames or passwords are out there on the dark web for sale. You can also use third-party search tools to check for any breaches and whether or not your information is exposed.

What to Do If Your Data Was Breached

If you are one of the many accounts listed in the Zoom data breach, change your Zoom password immediately. If you reused the same username or password on any other websites, change those as well. Be sure to use really long, complex passwords (a mix of lower and uppercase letters, numbers, and symbols) and always opt-in for 2-factor authentication when it is offered.

Data Breach Lawsuits

Are There any Lawsuits Because of the Data Breach?

Yes. Zoom is currently facing multiple class-action lawsuits due to many security and privacy issues stemming from their shared information with Facebook and other concerns. 

New York’s Attorney General also sent Zoom a letter outlining her concerns and requesting a plan of action to fix the vulnerabilities. In early April, Congress reached out to Zoom in an attempt to obtain information about the security issues and plans for resolution.

The Washington Post reported that thousands of video call records were left unattended and open to the public on the web. Some of these recorded calls included personally identifiable information (PII) such as therapy sessions, Telehealth data, company financial data, student information, and more.

The state of California initiated a class-action lawsuit regarding the Facebook leak of information, the lack of end-to-end encryption as promised, and the webcam vulnerability allowing hackers to take control of someone’s device.

Can My Zoom Information Be Used for Identity Theft?

Absolutely. Unfortunately, hackers have not just breached user information, but due to the wide variety of other security and privacy issues with Zoom, a lot of your information may have been exposed, and some of it could be used for identity theft. The path to identity theft and fraud begins with only a name, then an email, and if hackers gain access to any of your login accounts, they can see your entire profile. If you reused passwords on multiple websites, it is unclear how much information they could have potentially stolen about you and use for identity theft or fraud.

Zoom Identity Theft

What Can You Do to Protect Yourself Online?

Although you could choose to stop using Zoom, even with the security issues, it is still a useful and free tool for video conferencing and meetings. However, you can certainly take steps to keep your online life safe and protect your personal information. Some things you should consider immediately are:

  • Change all your login passwords, especially if you reused your Zoom credentials on other sites.
  • Only use really strong, complex passwords that do not contain any personal information like a birthdate or address.
  • Sign up for two-factor authentication on Zoom and other platforms whenever it is available to you.
  • Update all your devices (computers and mobile devices) with the latest security patches.
  • Install and run antivirus/anti-malware software on all devices.
  • Keep an eye out for phishing or other suspicious emails and never, ever click a link or call a phone number contained in an email. Instead, go to the web yourself and log in or get the information to call.
  • Review the privacy settings for your camera and microphone and which apps have access. 
  • Never give out personal information to anyone you don’t know.
  • Never enter credentials on an account without the proper security (HTTPS).
  • Regularly scan your bank and credit card accounts for any suspicious activity.
  • Consider signing up for credit and identity theft monitoring.

You cannot do enough to keep your private information safe when using online tools and resources. Your best defense is to use common sense, and if something seems “off” walk away or take quick action to protect yourself and your identity.

About the Author
IDStrong Logo

Related Articles

The Anatomy Of Amazon Data Breach Explained

Along with being an online merchant, Amazon also supplies cloud servers to some heavy hitters in t ... Read More

What is Data Leak and How to Prevent Accidental Data Leakage

Data breaches take many forms, and one of them is through data leak and accidental web exposure. M ... Read More

The Saga of T-Mobile Data Breach

T-Mobile Data Breach incident occurred many times. Once from September 1, 2013, and September 16, ... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. Wha ... Read More

Everything You Need to Know About Insider Data Breach

Data breaches are on the news frequently, but the average person doesn’t really know that mu ... Read More

Latest Articles

Pennsylvania Maternal & Family Health Services Announces Ransomware Attack

Pennsylvania Maternal & Family Health Services Announces Ransomware Attack

Anyone paying even little attention to cybersecurity knows that medical practices and services are some of the most targeted institutions in the world.

Weekly Cybersecurity Recap January 27

Weekly Cybersecurity Recap January 27

This week, our lineup is pretty hard-hitting. Some of the biggest names in, well, everything, have been hacked, with a combined victim total of well into the millions.

MailChimp Announces Data Breach Affecting Tiny Number of Customers – With Big Ripples

MailChimp Announces Data Breach Affecting Tiny Number of Customers – With Big Ripples

MailChimp has been hacked repeatedly over the years; there is very little surprise in the breach, though one thing should be considered.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an email address
Close