LOS ANGELES - A Beverly Glen woman suspects a hacker utilized the popular video conferencing app ‘Zoom’ to remotely access her computer and steal over $60,000 from her bank account. Now, LAPD and Zoom are investigating, and the company says that they have no evidence their software could be responsible.
Marla Brown tells FOX 11 she downloaded Zoom in late March to participate in video conferences with her work colleagues during the pandemic.
“Everything went really well, it’s quite a cool device,” Brown said.
But two days after the download, in early April, she says she noticed something.
“I decided to turn on my computer, and low and behold, greeting me at the top of the desktop was a light, a tiny little light, and I looked carefully at it, and it said it was being operated from another location,” Brown said.
Startled, Brown told FOX 11 she deleted Zoom immediately.
“I said, well that’s bizarre, of course I had heard some rumors about Zoom and I thought, well, I’m only using it this once,” Brown said. “Everything was fine until a couple of days ago when I checked my bank account.”
Brown was shocked when her bank statements showed several unauthorized transfers of massive amounts of cash out of her account, immediately after the download.
$50,000 on one day. More than $10,000 on two other days. The thefts, all adding up to a staggering amount.
“Approximately $64,000 dollars,” Brown said.
Brown immediately called her bank, and the police. She filed a police report with LAPD, and the department confirmed they’ve launched an investigation for identity theft, but wouldn’t comment any further.
In a statement to FOX 11, Zoom said the following:
“Zoom is investigating this matter, though we have found no evidence to date that such an attack could occur as a result of using legitimate Zoom software. Zoom users should be aware that links to our platform will only ever have a zoom.us, zoom.com, or zoom.com.cn domain name, other than those three, no other domain or formulation of the name Zoom belong to the company. Prior to clicking on a link, individuals should carefully review the URL, being mindful of lookalike domain names and spelling errors.”
Brown told FOX 11 she downloaded the app directly from the legitimate zoom.us website.
Recently, Zoom has been in the headlines for major privacy concerns, including Zoom conferences being “Zoombombed” or hijacked by online trolls.
A shocking report by Bleeping Computer revealed that over 500,000 Zoom accounts were sold on the dark web for as cheap as a penny, and sometimes even free.
These reports led Zoom to post numerous bulletins about how they plan to improve security.
In response to the dark web report, Zoom released the following statement to FOX 11.
“It is common for web services that serve consumers to be targeted by this type of activity, which typically involves bad actors testing large numbers of already compromised credentials from other platforms to see if users have reused them elsewhere. This kind of attack generally does not affect our large enterprise customers that use their own single sign on systems. We have already hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down thousands of websites attempting to trick users into downloading malware or giving up their credentials. We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts, and are looking at implementing additional technology solutions to bolster our efforts.”
As for Brown, she told FOX 11 that while she thinks Zoom works great for what it does, she suspects it somehow opened the door for her hacker.
“It was a very nice thing, but unfortunately, somebody has thrown a wrench in it, so that’s too bad,” Brown said.
In fairness to Zoom, there is currently no confirmation that the app is the reason Brown’s computer was accessed by the hacker. LAPD and Zoom are investigating to find out exactly what happened.
Brown asked her bank to close her account, and she is starting the process to get her stolen money back.