Credential theft
Zoom Credential Stuffing: 530K Accounts Sold on Dark Web
Incident Details
In April 2020, cybersecurity firm Cyble reported discovering approximately 530,000 Zoom account credentials being sold on dark web forums for as little as a fraction of a cent each, with some being given away free. Zoom confirmed the accounts were compromised via credential stuffing attacks using credentials from unrelated prior breaches (not a breach of Zoom’s own infrastructure). The timing coincided with the massive surge in Zoom usage during the COVID-19 pandemic: daily meeting participants jumped from 10 million in December 2019 to over 300 million in April 2020. The compromised accounts included personal meeting URLs, email addresses, passwords, and host keys. Some accounts belonged to educational institutions, financial firms, and healthcare organizations. Zoom stated it was working with intelligence firms to identify credential stuffing tools and block them, and was implementing automated bot detection. The incident highlighted the risk of password reuse across services and the targeting of high-profile platforms during the pandemic period. Zoom was concurrently dealing with multiple security and privacy concerns including ‘Zoombombing’ incidents.
Technical Details
- Initial Attack Vector: Credential stuffing. Attackers used large lists of username/password combinations from prior unrelated data breaches to attempt automated logins to Zoom accounts; successful matches were then compiled and sold
- Vendor / Product: Zoom Video Communications
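A defender-side sketch of the pattern described above, added here as an example and not taken from Zoom or Cyble: it flags a source IP that tries many distinct accounts with a high failure rate inside a sliding window, then lists the accounts that logged in successfully from that IP. The log format, the thresholds and the function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed auth log (not real data): timestamp, source IP, account, result.
SAMPLE_LOG = """\
2020-04-01T10:00:01 203.0.113.7 alice@example.edu FAIL
2020-04-01T10:00:02 203.0.113.7 bob@example.com FAIL
2020-04-01T10:00:03 203.0.113.7 carol@example.org OK
2020-04-01T10:00:04 203.0.113.7 dave@example.net FAIL
2020-04-01T10:00:05 203.0.113.7 erin@example.com FAIL
2020-04-01T10:00:06 203.0.113.7 frank@example.edu FAIL
2020-04-01T10:01:10 198.51.100.20 grace@example.com FAIL
2020-04-01T10:01:25 198.51.100.20 grace@example.com FAIL
2020-04-01T10:01:40 198.51.100.20 grace@example.com OK
"""

def parse(log):
    """Yield (time, ip, account, succeeded) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, ip, account, result = line.split()
            yield datetime.fromisoformat(ts), ip, account, result == "OK"

def find_stuffing(log, window=timedelta(minutes=5), min_accounts=5, min_fail_ratio=0.8):
    """Return {ip: accounts with a successful login} for flagged IPs.
    An IP is flagged when, inside one sliding window, it tries at least
    min_accounts distinct accounts and min_fail_ratio of its tries fail.
    The thresholds are assumed values for this example."""
    recent = defaultdict(deque)   # ip -> events still inside the window
    flagged = set()
    events = sorted(parse(log))
    for ts, ip, account, ok in events:
        q = recent[ip]
        q.append((ts, account, ok))
        while ts - q[0][0] > window:
            q.popleft()
        accounts = {a for _, a, _ in q}
        fails = sum(1 for _, _, s in q if not s)
        if len(accounts) >= min_accounts and fails / len(q) >= min_fail_ratio:
            flagged.add(ip)
    # A success from a flagged IP means a reused password was accepted.
    hits = {ip: set() for ip in flagged}
    for _, ip, account, ok in events:
        if ip in flagged and ok:
            hits[ip].add(account)
    return {ip: sorted(accts) for ip, accts in hits.items()}

if __name__ == "__main__":
    for ip, accounts in find_stuffing(SAMPLE_LOG).items():
        print(ip, "-> force password reset for", accounts)
```

The second address shows one user mistyping a password twice before succeeding, which is not flagged. A per-IP window is only one signal, since automated login traffic can be spread over many addresses.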
Timeline
- 2020-03-01 Breach occurred
- 2020-04-13 Publicly disclosed
- 2020-04-13 Customers notified