There are over 500,000 stolen Zoom logins floating around the dark web. That’s not good, especially since they’re being sold for next to nothing, but it’s a great reminder that you should not be using the same credentials for different services.
You can undo—and prevent—any unwanted access to your account with the proper tools and security settings, but you shouldn’t have to. In this case, Zoom wasn’t breached; the accounts are all byproducts of data breaches on other services, and the logins and passwords were simply used to log into users’ Zoom accounts. From there, users’ personal meeting URLs and host keys were copied and dumped into one big archive of stolen credentials.
Step one: Check to see which of your accounts has been involved in a data breach
To start, use a free service like Have I Been Pwned or pwdquery to see if the email or passwords associated with your Zoom login are floating around the web. If they are, you should start updating your various accounts with new, unique passwords and strong security settings like two-factor authentication.
Even if your email passes the Have I Been Pwned check, it’s worth updating your Zoom password anyway, especially if you tend to use the same passwords for multiple accounts. Stop doing that. If you’re worried about remembering all those new passwords, try using a password manager to keep them safely collected in one spot.
Step two: Check your Zoom settings
If you suspect that someone might have accessed your (paid) Zoom account, you’ll definitely want to change your personal meeting ID so future uses of it don’t get Zoombombed. You’ll also want to change your six-digit host key, the critical number that allows you to take over your scheduled meetings as their host. Changing this via your Zoom profile is easy.
I also recommend clicking that tiny link at the bottom—“Sign Me Out From All Devices”—once you’ve updated your password.
If you’re on a paid plan, or participating in your company’s Zoom account, try visiting your Security settings page in your profile and enabling two-factor authentication. If you have the option, this will save you a world of hurt if, or when, someone nabs your account credentials in the future. (Why Zoom can’t just roll out this feature to everyone, free or paid, I’ll never know.)