Over 500,000 Zoom accounts have been sold on the "dark web" and hacker forums for less than $1 each. Some have been given away.

However, these accounts were not compromised by the Zoom data breach. Bleeping Computer states that according to information from Cyble, a Singapore-based information security firm.

Rather, these accounts were harvested from credential-stuffing attacks over the past several years, and possibly phishing attacks.

Cyble purchased 530,000 account credentials for approximately 0.2 cents each. These accounts included email addresses, Zoom passwords, Zoom personal meeting URLs, and Zoom host keys. Many of them were clearly associated with universities and businesses, including Chase and Citibank.

If your Zoom account was created before the Corona virus lockdown began, it may be best to change your Zoom password to something strong and unique. Doing so will protect you from credential-stuffing attacks that may have concealed this Zoom credential.

A credential stuffing attack is when a criminal attempts to access an un-compromised online account using an email address and password obtained from another data breach. Such attacks work only because many people reuse passwords for multiple accounts. Using the best password manager will help you avoid this trap.

Cyble operates its own data breach notification service called AmIBreached, which allows you to plug in your email address or user name to see if you are part of a data breach or credential set. If so, you need to sign up for a free account to see which company your credentials were stolen from.

It is unclear if Zoom's credentials have been added to the AmIBreached data set yet, but if not, they probably will be soon.

The Zoom dataset will also likely be added to the free HaveIBeenPwned infringement notification service in the next few days. There is no need to create an account to use this service.