• January 20, 2021

Zoom is leaking private user data to Strangers

 Zoom is leaking private user data to Strangers

Zoom went ahead and removed what they called a feature a few days ago but now they are under scrutiny again for their handling of user’s private data.

According to Vice, “The issue lies in Zoom’s “Company Directory” setting, which automatically adds other people to a user’s lists of contacts if they signed up with an email address that shares the same domain.”

Zoom users are saying they that when they signed up with personal email addresses Zoom pooled them together with thousands of other people as if they all worked for the same company. Then each of these thousands of users can see each other’s personal information.

“I was shocked by this! I subscribed (with an alias, fortunately) and I saw 995 people unknown to me with their names, images and mail addresses.”

Barend Gehrels, a Zoom user who wrote Motherboard

Gehrels provided a redacted screenshot of himself logged into Zoom with almost 100 other users he doesn’t know.

1585667035243-zoom_blurred
Screenshot provided by Gerehls

Zoom says “By default, your Zoom contacts directory contains internal users in the same organization, who are either on the same account or who’s email address uses the same domain as yours (except for publicly used domains including gmail.com, yahoo.com, hotmail.com, etc) in the Company Directory section.”

Another Zoom user said “I just had a look at the free for private use version of Zoom and registered with my private email. I now got 1000 names, email addresses and even pictures of people in the company Directory. Is this intentional?”

A Zoom spokesperson stated “Zoom maintains a blacklist of domains and regularly proactively identifies domains to be added,” a Zoom spokesperson told Motherboard. “With regards to the specific domains that you highlighted in your note, those are now blacklisted.”

Just last week we reported on Zoom leaking data to Facebook through the Facebook login button and its API. We also reported about Zoom’s other privacy woes, As well as issue it had last year.

Last year, Zoom had a flaw that allowed hackers to turn on someone’s webcam without their consent, and without them noticing. On top of that, when someone had the Zoom app closed and even uninstalled, the software left a web server up and running, allowing for an automated install of the app if someone invited the user to a Zoom call. Finally, Zoom makes it really hard for you to join calls without installing the app, even though that’s possible.

Zoom’s public apology:

“We sincerely apologize for this oversight, and remain firmly committed to the protection of our users’ data.”

Yesterday a user filed a class action lawsuit against Zoom for the the Facebook data leak. At the same time the New York Attorney General sent a letter to Zoom asking what the company had put in place in terms of security especially since the app has sky-rocketed in popularity.

If you are currently a Zoom user you may want to look at alternatives.

By Platform De.Central | Source: Motherboard

Related post