Zoom went ahead and removed what they called a feature a few days ago but now they are under scrutiny again for their handling of user’s private data.
According to Vice, “The issue lies in Zoom’s “Company Directory” setting, which automatically adds other people to a user’s lists of contacts if they signed up with an email address that shares the same domain.”
Zoom users are saying they that when they signed up with personal email addresses Zoom pooled them together with thousands of other people as if they all worked for the same company. Then each of these thousands of users can see each other’s personal information.
“I was shocked by this! I subscribed (with an alias, fortunately) and I saw 995 people unknown to me with their names, images and mail addresses.”Barend Gehrels, a Zoom user who wrote Motherboard
Gehrels provided a redacted screenshot of himself logged into Zoom with almost 100 other users he doesn’t know.
Zoom says “By default, your Zoom contacts directory contains internal users in the same organization, who are either on the same account or who’s email address uses the same domain as yours (except for publicly used domains including gmail.com, yahoo.com, hotmail.com, etc) in the Company Directory section.”
Another Zoom user said “I just had a look at the free for private use version of Zoom and registered with my private email. I now got 1000 names, email addresses and even pictures of people in the company Directory. Is this intentional?”
A Zoom spokesperson stated “Zoom maintains a blacklist of domains and regularly proactively identifies domains to be added,” a Zoom spokesperson told Motherboard. “With regards to the specific domains that you highlighted in your note, those are now blacklisted.”
Last year, Zoom had a flaw that allowed hackers to turn on someone’s webcam without their consent, and without them noticing. On top of that, when someone had the Zoom app closed and even uninstalled, the software left a web server up and running, allowing for an automated install of the app if someone invited the user to a Zoom call. Finally, Zoom makes it really hard for you to join calls without installing the app, even though that’s possible.
Zoom’s public apology:
“We sincerely apologize for this oversight, and remain firmly committed to the protection of our users’ data.”
Yesterday a user filed a class action lawsuit against Zoom for the the Facebook data leak. At the same time the New York Attorney General sent a letter to Zoom asking what the company had put in place in terms of security especially since the app has sky-rocketed in popularity.
If you are currently a Zoom user you may want to look at alternatives.
By Platform De.Central | Source: Motherboard