A recent report claims that the login details for over 500,000 Zoom accounts have been shared or sold on hacker forums and the dark web.

A recent report from BleepingComputer alleges that over 500,000 Zoom video conferencing accounts have been sold or shared on the dark web and hacker forums, many being sold for less than a penny or sometimes given away entirely for free. The credentials are gathered through a cyber attack known as “credential stuffing” in which hackers attempt to login to Zoom using account emails and passwords leaked in prior data breaches.

Successful logins are then saved into large lists and sold to other hackers. Some of the accounts are offered for free on forums focused on hacking and data breaches. Cybersecurity intelligence firm Cyble told BleepingComputer that Zoom accounts were first seen appearing across these forums on April 1, 2020, they were posted for free in order for the user to gain reputation points.

BleepingComputer notes that of the 350+ accounts posted, 290 related to colleges such as the University of Vermont, University of Colorado, Dartmouth, Lafayette, University of Florida, and many more. BleepingComputer reached out to some of the emails featured on the lists and confirmed that many of the login credentials were correct.

After seeing a large number of accounts for sale on another forum, Cyble reached out to purchase some in an attempt to warn their customers of the potential breach. Cyble purchased approximately 530,000 Zoom credentials for less than a penny apiece.

All online services can be affected by credential stuffing attacks which is why using unique passwords for each site that you register an account on is vital. You can check if your email address and password have been leaked in data breaches using services such as Have I Been Pwned and Cyble’s AmIBreached data breach notification services.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com