Credentials for 500M Zoom accounts have been found for sale on the “dark web.”  Personal information includes email addresses and passwords, along with the specific credentials given to Zoom meeting hosts to secure their calls.

Criminals did not hack Zoom to get this information.  Instead, they used already-stolen identities and accounts from other services to figure out how users log into Zoom.  Credentials that have been reused across multiple services are likely to be used over and over, which is why there is a criminal market for them.

One more good reason to change passwords, do not use the same password for everything, and certainly to have (wildly) different passwords for critical services like banking than you do for your Social Media logins.

For a more detailed write-up on Password best practices, read my previous blog Passwords, the Dos and Dont's you need to know.