Zoom instituted new security controls for meetings, including new password requirements. Operational: Increased time and effort taken to reset user details.Financial: Many organizations banned Zoom as a communications platform, resulting in direct lowered revenues for monthly subscriptions.The Zoom data leak had multiple damaging impacts: By posting a screenshot to Twitter, Johnson compromised the forum and discussions of state business.
Breach 2020 code#
One of the biggest exposures was experienced by UK’s Prime Minister, Boris Johnson, who used his permanent Personal Meeting ID instead of a separate meeting code for government business during the COVID-19 crisis. This breach of confidentiality by attackers during virtual meetings caused the leakage of source code, trade secrets, and other highly sensitive information. With this data breach, Zoom lost over 500 million usernames and passwords throughout their user base. This problem originated when Zoom converted Windows UNC paths into clickable links.
Attackers were able to use the Zoom Windows client’s group chat feature to share and leak links online. Several issues managed to creep in, including poorly randomized, easily guessed or widely broadcast meeting room information without sufficient detective or preventive security controls.Ĭustomer credential use was rampant with the lack of appropriate Zoom corrective security controls. Attack Detailĭue to the COVID-19 pandemic, Zoom experienced a huge user uptick with multiple incidents throughout early 2020. Pulling from one of the case studies, this article provides a security analysis overview of the 2020 Zoom breach.
The Deep Dive connects the dots between CSA Top Threats by using nine real-world attacks and breaches. This case study is based off of CSA’s Top Threats to Cloud Computing: Egregious Eleven Deep Dive.
0 kommentar(er)
