Zoom Data Breach

  • By David Lukic
  • Published: Nov 02, 2021
  • Last Updated: Nov 23, 2023

Zoom has become a widely popular video conference and meeting platform over the past few years. The video conferencing giant offers free service to individuals and paid accounts for companies. The variety of plans come with different options. Although they promise top-notch security, Zoom experienced a major data breach earlier this year, affecting more than half a million users!

Zoom is no stranger to security issues. Over the past year, multiple lawsuits and investigations have haunted Zoom due to poor security practices and privacy issues. Google actually banned its employees from using Zoom due to security issues.

Online classrooms have even been “Zoom bombed” meaning hackers join the meeting illegally and post inappropriate content for all to see. Hackers also got their hands on 500,000 user account passwords in April and offered them up on the dark web for cheap money or, in some cases, for free. So how did they get their hands on all those accounts? Credential stuffing.

For those who don’t know what credential stuffing is, it’s when hackers use a database of old usernames/passwords and try them on other websites. Unfortunately, due to the fact that many people reuse passwords across multiple sites, this technique often works. These cybercriminals then created a database of the usable credentials and sold them online, exposing the data for 500,000+ Zoom users.

The usernames and passwords were not all that were included in this list. Along with them were the victim’s email address, personal meeting ID, and a 6-digit PIN used to claim hosting controls inside a meeting for that user.

Data Breach at Zoom

When Was the Zoom Data Breach?

Cybersecurity experts noticed the Zoom accounts on the dark web around April 1, 2020. The breach must have happened in the months prior as hackers worked tirelessly to harvest all the usernames and passwords, which they then sold for a penny apiece.

How to Check if Your Data Was Breached

Although Zoom has not provided any type of online tool to check to see if your data was breached in this event, you can use one of the various online tools like HaveIBeenPwned and AmIBreached to check to see if your usernames or passwords are out there on the dark web for sale. You can also use third-party search tools to check for any breaches and whether or not your information is exposed.

What to Do If Your Data Was Breached

If you are one of the many accounts listed in the Zoom data breach, change your Zoom password immediately. If you reused the same username or password on any other websites, change those as well. Be sure to use really long, complex passwords (a mix of lower and uppercase letters, numbers, and symbols) and always opt-in for 2-factor authentication when it is offered.

Data Breach Lawsuits

Are There any Lawsuits Because of the Data Breach?

Yes. Zoom is currently facing multiple class-action lawsuits due to many security and privacy issues stemming from their shared information with Facebook and other concerns. 

New York’s Attorney General also sent Zoom a letter outlining her concerns and requesting a plan of action to fix the vulnerabilities. In early April, Congress reached out to Zoom in an attempt to obtain information about the security issues and plans for resolution.

The Washington Post reported that thousands of video call records were left unattended and open to the public on the web. Some of these recorded calls included personally identifiable information (PII) such as therapy sessions, Telehealth data, company financial data, student information, and more.

The state of California initiated a class-action lawsuit regarding the Facebook leak of information, the lack of end-to-end encryption as promised, and the webcam vulnerability allowing hackers to take control of someone’s device.

Can My Zoom Information Be Used for Identity Theft?

Absolutely. Unfortunately, hackers have not just breached user information, but due to the wide variety of other security and privacy issues with Zoom, a lot of your information may have been exposed, and some of it could be used for identity theft. The path to identity theft and fraud begins with only a name, then an email, and if hackers gain access to any of your login accounts, they can see your entire profile. If you reused passwords on multiple websites, it is unclear how much information they could have potentially stolen about you and use for identity theft or fraud.

Zoom Identity Theft

What Can You Do to Protect Yourself Online?

Although you could choose to stop using Zoom, even with the security issues, it is still a useful and free tool for video conferencing and meetings. However, you can certainly take steps to keep your online life safe and protect your personal information. Some things you should consider immediately are:

  • Change all your login passwords, especially if you reused your Zoom credentials on other sites.
  • Only use really strong, complex passwords that do not contain any personal information like a birthdate or address.
  • Sign up for two-factor authentication on Zoom and other platforms whenever it is available to you.
  • Update all your devices (computers and mobile devices) with the latest security patches.
  • Install and run antivirus/anti-malware software on all devices.
  • Keep an eye out for phishing or other suspicious emails and never, ever click a link or call a phone number contained in an email. Instead, go to the web yourself and log in or get the information to call.
  • Review the privacy settings for your camera and microphone and which apps have access. 
  • Never give out personal information to anyone you don’t know.
  • Never enter credentials on an account without the proper security (HTTPS).
  • Regularly scan your bank and credit card accounts for any suspicious activity.
  • Consider signing up for credit and identity theft monitoring.

You cannot do enough to keep your private information safe when using online tools and resources. Your best defense is to use common sense, and if something seems “off” walk away or take quick action to protect yourself and your identity.

About the Author
IDStrong Logo

Related Articles

What is Data Leak and How to Prevent Accidental Data Leakage

Data breaches take many forms, and one of them is through data leak and accidental web exposure. M ... Read More

The Saga of T-Mobile Data Breach: 2013, 2015, 2021 and 2023 Hacks

T-Mobile has experienced a number of data breaches in the past decade. The first case occurred som ... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. ... Read More

Everything You Need to Know About Insider Data Breach

Data breaches are on the news frequently, but the average person doesn’t really know that much a ... Read More

The NSA Hack, How Did it Happen?

The National Security Agency (NSA) was the main attraction in a major data breach involving three ... Read More

Latest Articles

Google Voice Scams: What They Are and How to Stay Safe

Google Voice Scams: What They Are and How to Stay Safe

Google Voice scams continue to pose a risk for users of this service. Scammers continuously attempt to lure users into divulging their verification PIN code.

What Are Pretexting Attacks: Scam Types and Security Tips?

What Are Pretexting Attacks: Scam Types and Security Tips?

Have you ever received a text from someone you do not know? Did you become alarmed by the message? Did the message contain information about you and the people you know?

What is a Time-based One-time Password (TOTP)?

What is a Time-based One-time Password (TOTP)?

Authentication is the process that verifies the user's identity to control access to resources, prevent unauthorized users from gaining access to the system, and record user activities (to hold them accountable for their activities).

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close