Want to stay safe on Zoom? Don't use the same password for all your apps

Passwords can be annoying, but to stay safe online, they must be different across apps.

This is the advice from local cybersecurity experts, who said the sale of Zoom passwords on the dark web was the result of people using the same password for all their applications.

At the beginning of April it was reported than more than 500,000 passwords for the video conferencing app were on sale on the dark web.

"Passwords are painful. I get it. But using the same password over and over again puts you at risk.

"Zoom login details available on the dark web are not for sale because of a Zoom vulnerability or technology problem, but because people are using the same passwords across multiple sites," said Anna Collard, managing director at KnowBe4 Africa.

She said using a technique called “credential stuffing”, hackers try logging into Zoom using account details obtained from older data breaches.

"This attack is highly popular because there are automated tools available that can sift through billions of stolen user names and passwords without requiring any special skills. They then compile lists of successful Zoom logins and sell them to anyone who is interested."

Mimecast cybersecurity expert Mikey Molfessis said the Zoom hack was another reminder why people needed to practise good password hygiene.

"These passwords were likely accessed via previous data breaches, and criminals tested these passwords on Zoom to see which were being reused on the platform. Contrary to popular belief, when criminals access accounts they don’t simply guess passwords but rather test passwords they have harvested from phishing attacks or have accessed from data breaches."

He said Zoom was an obvious target for criminals because of the drastic increase in users over the past few weeks, and the chances of finding reused passwords were high.

"It’s important to note that Zoom was not breached, but rather previous breaches led to passwords being uncovered. If users are reusing passwords across several platforms, criminals can now gain access to other sites to get their hands on personal data and potentially compromise bank accounts and credit cards for monetary gain," Molfessis said.

"If anyone is reusing their password on any platforms – Zoom or otherwise - they should change these immediately. Passwords should consist of a mix of upper case and lower case letters, numbers and special characters and passphrases.

"Best practice is to use a unique password for each online profile and to make use of a password manager so you don’t have to worry about remembering all of them."