Warning: Zoom data breaches - Account data available on dark web

Due to numerous enquiries on the matter, we would like to inform you of a larger credential stuffing attack on the video conferencing tool Zoom. The assailants were able to obtain the data of over 500 000 accounts, at very least the associated email addresses and passwords.

These accounts are being passed on, partly free of charge, partly for a fee. With this access information, it is possible to access and automatically download any personal data on these accounts such as recordings of meetings and contact information, among other things. [1,2]

Beyond that, we would like to point out that due to this incident and the safety deficiencies of Zoom recently reported in the media (see [3] for example), Google has prohibited the use of this service [4]. Should you be registered with Zoom under your university email address, please change the associated Uni-ID password just in case.

For work-related digital collaboration, please use the services recommended by the URZ in this overview.



[1] https://www.heise.de/security/meldung/Zugangsdaten-fuer-hunderttausende-Zoom-Accounts-zum-Kauf-im-Darknet-entdeckt-4701838.html

[2] https://www.spiegel.de/netzwelt/web/zoom-zugaenge-zu-einer-halben-million-accounts-werden-verscherbelt-a-b9a85a91-706d-45ec-8ff5-8d5b0335701f

[3] https://www.heise.de/security/meldung/Videokonferenz-Software-Ist-Zoom-ein-Sicherheitsalptraum-4695000.html

[4] https://www.spiegel.de/netzwelt/zoom-google-verbannt-videokonferenz-software-von-arbeitscomputern-a-ef7949e2-32ed-445b-b31c-430349904676


(Image: wk1003mike / Shutterstock)
Bild: Sicherheitsschloss