Zoom has a problem with user privacy: half a million accounts put up for sale on the dark web. Here’s how to protect your privacy
If there is a video calling platform that in a few weeks has gone from semi-anonymity to worldwide success, due to the smart working imposed by the current pandemic, it is certainly Zoom: from 10 to 200 million daily active users (data updated on April 1) in just three months. But if there is a platform that was absolutely unprepared for such a boom, it is always her: Zoom.
In early April, in fact, the cybersecurity company Cyble has unearthed in the Dark Web a database containing the login credentials to half a million Zoom accounts. They were on sale for less than a penny per account, some as low as $0.002. For each account the e-mail address of the owner, the password of the Zoom account, the URL used for video calls and the respective host key were available. This is enough for anyone to do “zoombombing”, i.e. enter the video calls of others to disturb them in any way possible: from uttering vulgarities to transmitting pornographic material. Protecting your Zoom account, therefore, is now essential. Here’s how to do it.
How to know if your Zoom account has been hacked
The first step to take, to protect a Zoom account, is to know if it has already been stolen by someone. A first check can be done by testing the email used to access it on a site like Have I Been Pwned or pwdquery: both check if an email address is already present in some database containing stolen credentials. If this is the case, it is better to update the passwords of the various accounts linked to that email address (not just Zoom) and set up two-factor authentication where possible. If the email used on Zoom is the same as the one used on other accounts (which should never be done), it’s a good idea to update the password even if it hasn’t already been stolen.
How to protect your Zoom account
Now we can go into Zoom and set the best security options to secure our account as much as possible. There are two parameters to change right away: the Personal meeting ID (PMI) and the host key. The PMI is automatically assigned by Zoom when the account is created, but can be changed if we have a paid Pro or Corp account.
The host key, on the other hand, is a 6-digit PIN that is used to take control of the meeting. The host key is not relative to the individual meeting, but to the host (i.e. the person who “runs” the meeting). For this reason knowing the host key allows a hacker to take control of the video calls of others. You can change the host key only on Pro, Business, Enterprise and Education accounts.