Issues such as video conferences being hijacked and people's LinkedIn data being shared without their permission have emerged, risking the privacy of Zoom users.
The Video Communications tool, Zoom automatically sent names and email IDs of people signed into a video meeting and used it to match them with their LinkedIn profiles.
The feature that could acquire users' LinkedIn data was available to Zoom users who are subscribed to a LinkedIn sales tool called LinkedIn Sales Navigator.
After enabling the feature, the Zoom user could discreetly view LinkedIn Profile data such as locations, employer names and job titles of the people present in the Zoom meeting by tapping a LinkedIn icon beside their names.
According to the report published by The New York Times on the analysis conducted by their reporters, they also found that despite signing into a Zoom meeting as 'Anonymous' and/or 'I am not here' the feature was able to instantly match them to their LinkedIn profile.
"In doing so, Zoom disclosed the reporter’s real name to another user, overriding his efforts to keep it private." It was also found that the tool didn't need to be initiated, Zoom automatically sent participants’ personal information to the tool.
In an official blogpost published by Zoom, Eric S. Yuan, Founder & Chief Executive Officer, Zoom, mentioned that the platform has "Permanently removed the LinkedIn Sales Navigator app after identifying unnecessary data disclosure by the feature".
He also mentioned that they are currently freezing development and releases of new features and shifting their efforts to trust, safety, and privacy issues while enhancing their current bug bounty program.
This is not the only privacy or malicious activity Zoom has been subjected to. Several reports of video conferences being hijacked and hosts being hacked have emerged around the world.
In Press Release published by the FBI Boston Division, incidents such as an unidentified individual(s) dialing into an online class and yelling profanity and the teacher's home address, and in another incident an unidentified individual displaying swastika tattoos, during Zoom video conferences have been reported.
Recently in India during a Media Event, unidentified individual(s) hacked the video conference, made sexually suggestive remarks and displayed pornography. The incident is currently being investigated.
Such incidents are growing in numbers and have been termed as 'Zoombombing'. The vulnerabilities to the Zoom software may have been existent since the software's inception, but are currently surfacing in higher numbers due to the spike in the usage of the software because of the worldwide pandemic.
These incidents have also been addressed by Zoom and the company is clarifying the protective measures that may help prevent this, such as waiting rooms, passwords, muting controls, and limiting screen sharing.
Video Communication is an important pillar to enable collaboration between teams while remotely working. Zoom boomed overnight and is presently one of the Top Free Apps on Google Play Store with over 100,000,000+ Installs, and has a 4+ rating on both Google Play Store & Apple App Store.
While Work From Home Tools have proved to be a boon for several professionals to implement social distancing while remotely working, such incidents and vulnerabilities cannot be foreseen. Along with the chances of being harassed, there is also a possibility of your company's confidential information ending up in the wrong hands.
If you have been prone to such incidents, please contact the Cyber Crime Division of the Government Of India and file a complaint.