Help, my Zoom account was hacked
And why you shouldn't re-use passwords
More doom and gloom around Zoom, but this time it's not actually Zoom; it might be you.
In the news today is the story about how 500,000 Zoom accounts are for sale on the dark web for just a few cents. These credentials include the user’s email address, password, personal meeting URL and host ID. However, this isn’t the result of a hack, but more likely something called Credential Stuffing.
Hackers don’t hack, they just log in
Previous hacks from other websites mean there are always databases of usernames and passwords for sale on the dark web. The cybercriminals have most likely taken the email and password combos and tried to log into Zoom en masse. If the login details worked because the password was the same, they were added to this list. You're only at risk if you use the same combination of email and password across several accounts.
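To see how far one leaked login would reach, the sketch below groups accounts by their exact email and password combination. It is an added example, not part of the original post; the CSV columns (site, email, password), the site names and the passwords are constructed, and no particular password manager's export format is implied.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample data: a hypothetical export with columns site,email,password.
SAMPLE_EXPORT = """site,email,password
zoom.us,Pat@example.com,Sunshine2019!
forum.example,pat@example.com,Sunshine2019!
shop.example,pat@example.com,Sunshine2019!
bank.example,pat@example.com,q7#Lm2vT9x-unique
news.example,pat.alt@example.com,Sunshine2019!
"""


def _combo_key(email, password):
    """Digest of the email+password pair, so plaintext is not used as a dict key."""
    # Assumption: sites treat the email address as case-insensitive at login.
    material = email.strip().lower().encode() + b"\x00" + password.encode()
    return hashlib.sha256(material).hexdigest()


def load_accounts(csv_text):
    """Return {combo digest: [sites using that exact email+password pair]}."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        groups[_combo_key(row["email"], row["password"])].append(row["site"])
    return groups


def reused_combos(groups):
    """Groups of sites that share one email+password pair."""
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


def exposed_if_breached(groups, breached_site):
    """Other sites where a login leaked from `breached_site` would also work."""
    exposed = set()
    for sites in groups.values():
        if breached_site in sites:
            exposed.update(s for s in sites if s != breached_site)
    return sorted(exposed)


if __name__ == "__main__":
    accounts = load_accounts(SAMPLE_EXPORT)
    for sites in reused_combos(accounts):
        print("Same email and password on:", ", ".join(sites))
    print("If forum.example is breached:", exposed_if_breached(accounts, "forum.example"))
```

Any site listed by `reused_combos` needs its own unique password; an empty result from `exposed_if_breached` means a leak from that site stops there.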
How it affects you
Zoom has recently updated their security settings to help you avoid zoombombing, where unwanted guests turn up on screen. However, if a bad actor has your login details, they don't need to zoombomb; they just log in with your credentials. If you're worried, change your password now, making sure it's one you've not used anywhere else.
Is it safe to use Zoom?
There's a lot of debate about the pros and cons of using Zoom. While it has its issues, so do a number of other platforms, and you can overcome many of these by using the recommended security settings below. It also comes down to risk - what are you doing on Zoom? Company strategy, sensitive HR calls, kids' classes or just Wine 'n Zoom on a Friday night? Remember, if you're recording the meetings you need to let the participants know. Don't take screenshots that expose their user IDs, and if you use the chat function, know that the transcript will be included in the recording too.
Invest in a Password Manager
But most of all, please please please use unique passwords on all your accounts to avoid credential stuffing. The simplest way to manage this is to invest in a Password Manager like Dashlane, LastPass or 1Password. It's a great lockdown housekeeping task that will make you 100% more cybersecure instantly.
Zoom has added a Security Toolbar Icon for Hosts which exposes all of Zoom’s existing in-meeting security controls in one place.
- Add a password to your meeting
When scheduling your meeting, generate a meeting ID automatically and tick the 'Require meeting password' option.
- Get your participants to knock on the door
Zoom has a waiting room feature. Your participants will see the message "Please wait, the meeting host will let you in soon".
As the host, you will be alerted when anyone joins, and you can see those waiting by clicking 'Manage Participants' on the toolbar at the bottom of your screen.
- Never share your Personal Meeting ID
This is your 'room' and anyone can enter while you might be on another call. Rather generate a unique meeting ID each time.
- Disable participant screen sharing
To prevent your meeting from being hijacked by others, disable anyone from sharing their screen. As a host, this can be done via the Security option.
- Lock meetings when everyone has joined
If everyone has joined your meeting and you are not inviting anyone else, you should Lock the meeting so that nobody else can join. Do this via the Security Options icon.
- Do your updates
Zoom are continually developing fixes to keep you secure. Install the updates when prompted; they contain the fixes.