More than 500,000 Zoom accounts are being offered for sale on the dark web and hacker forums for 0.0020 cents each, and in some cases accounts are given away for free, according to Bleeping Computer.

It appears that the credentials were not stolen fr om Zoom, but instead gathered via credential stuffing attacks where threat actors attempt to login to Zoom using accounts leaked in older data breaches.

The information was first discovered by researchers at cybersecurity intelligence firm Cyble at the beginning of April when they noticed free Zoom accounts being posted on hacker forums “to gain an increased reputation in the hacker community”. These accounts are shared via text sharing sites wh ere the threat actors are posting lists of email addresses and password combinations.

The researchers purchased more than 530,000 Zoom accounts on a hacking forum. The account details included a victim's email address, password, personal meeting URL, and their HostKey. In some cases the accounts belonged to well-known companies, such as JPMorgan Chase Bank N.A. and Citigroup Inc.

For the accounts that belonged to Cyble's customers, the intelligence firm was able to confirm that they were valid account credentials.