WebProNews

Tag: Zoom-bombing

  • Zoom Settles Class Action Privacy Lawsuit for $85 Million

    Zoom Settles Class Action Privacy Lawsuit for $85 Million

    Zoom has agreed to settle a class action privacy suit for $85 million over missteps the company made early in the pandemic.

    Few companies have benefited as much or become so synonymous with pandemic-fueled remote work and learning as Zoom. Once a company that focused priorly on the enterprise, Zoom has become a household name, used across industries and demographics.

    Unfortunately, its meteoric growth came with some major growing pains. The company overstated the level of encryption it provided; it used an SDK that sent data to Facebook without users’ permission; and it failed to provide the necessary security to prevent Zoom-bombing. The missteps were severe enough to prompt the company to enact a 90-day moratorium on new features until security issues could be addressed.

    The company was the target of a number of lawsuits over the missteps, lawsuits which were consolidated into a single class action suit. Zoom has now agreed to settle and make changes to improve its security even more, according to ZDNet.

    Among the changes the company will make is improved notifications to better inform users when a host uses a third-party application, as well as inform users who can access user information and content.

    The plaintiffs are also requesting their legal fees be paid, which would add an additional $21.25 million to the settlement.

  • Zoom Pivots to Security Amid Ongoing Criticism

    Zoom Pivots to Security Amid Ongoing Criticism

    Zoom is taking drastic measures to improve its security and privacy amid criticism and scrutiny as it serves hundreds of millions of users.

    As the pandemic sweeps the globe, individuals, corporations and organizations of all types are making drastic changes to their daily workflows and routines. Zoom has become an integral part of those routines, and hundreds of millions of users have begun to rely on the platform for school, work and socializing.

    Unfortunately for the company, the increased usage has also brought increased scrutiny, especially in the realm of privacy and security. The company has been called to task for not using end-to-end encryption, as its marketing claims; for leaking email addresses; for sending data to Facebook without informing users, before finally removing the offending SDK; and for a rash of Zoom-bombing incidents where outside individuals gain access to a Zoom meeting and make a nuisance of themselves.

    In view of these challenges, Zoom is taking drastic action to beef up its security and privacy. In a blog post on the company’s site, founder and CEO Eric Yuan said the company is enacting a freeze for 90 days in order to shift all “engineering resources to focus on our biggest trust, safety, and privacy issues.”

    The company also plans to conduct a comprehensive review with third-party experts and release a transparency report. It will also enhance its bug bounty program, and engage in a number of white box penetration tests. Zoom has also improved its privacy policy, apologized for not handling its encryption issues clearly and tried to help individuals address Zoom-bombing.

    In short, the company is pulling out all the stops in an effort to improve its privacy and security, no small task given how quickly the platform has grown.

    “To put this growth in context, as of the end of December last year, the maximum number of daily meeting participants, both free and paid, conducted on Zoom was approximately 10 million,” writes Yuan. “In March this year, we reached more than 200 million daily meeting participants, both free and paid.”

    As we said in a previous article, “the increased scrutiny of Zoom is a good reminder to companies that privacy and security should never be an afterthought. Instead, they should be a core feature, built in to an app or service from day one.”

    That statement remains true—security and privacy should never be an afterthought. At the same time, it’s time to give credit where credit is due: Zoom is stepping up to the plate and doing everything possible to provide its users with the privacy and security they expect and deserve.

  • FBI Warns of ‘Zoom-Bombing’ As Videoconferencing Soars

    FBI Warns of ‘Zoom-Bombing’ As Videoconferencing Soars

    The FBI is warning of ‘Zoom-bombing,’ where videoconferencing meetings are being hijacked by unwelcome participants.

    Zoom has quickly become one of the most popular videoconferencing platforms as millions of individuals self-isolate and work from home. The software is being used by companies, schools and individuals looking to continue some semblance of normalcy.

    Unfortunately, bad actors have been taking advantage of the platform and hijacking meetings. These disruptions have ranged from shouting profanities at the participants, to screen sharing pornography to the group. As a result, the FBI is recommending that Zoom users enable a number of settings to limit the risk, including:

    • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
    • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
    • Manage screensharing options. In Zoom, change screensharing to “Host Only.”
    • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
    • Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.

    These are excellent suggestions that everyone using Zoom should put into practice immediately.