The Coronavirus crisis has forced many organizations to embrace “work from home”. Zoom platform has become increasingly famous due to this, but also for its vulnerabilities which have surfaced in the past month, allowing attackers to steal windows passwords and escalate privileges on MacOS.
A database containing more than 2300 usernames and passwords of Zoom accounts have been discovered by IntSights. Many of these accounts belonged to banks, consultancy companies, educational facilities, healthcare providers, and software vendors, amongst others.
The database includes details of Zoom accounts such as email, password, meeting IDs, names and host keys. Additionally the database also includes data of personal accounts.
Users are recommended not to make the meetings public or share the meeting links in social media and make sure that your meetings are password enabled.
Zoom also recently makes a change that it will not display meeting ID on the title toolbar, instead title will be marked as Zoom.