With 80% of the American population under stay-at-home orders and another large portion of people working and collaborating from home, there's been a notable increase of video conferencing. Family members are staying in touch via video calls when they would have been otherwise able to see one another, and teams are conducting business online when they would sit in a conference room under normal circumstances.
Of all these video conferencing apps, Zoom has emerged as the go-to for many people and businesses.
But with increased use comes increased scrutiny, and in the past week alone, users have been alerted to more than one flaw in its system. The latest? Zoom is leaking user information, like email addresses, because of the way the app groups contacts.
Zoom user information leak
Zoom organizes contacts by email domain to create a "Company Directory." That means you can search for anyone and find their user photo and their email address and then start a video call with that person. But Zoom has apparently been grouping some people who signed up with a personal email together, which means people within that group can see other people's emails and photos - even if they aren't colleagues at the same organization.
Zoom's spotty security record
This isn't the first security mishap on Zoom's record, especially in recent months and even in just the past few weeks. Just last July, a security researcher uncovered a malicious website that could open a Zoom video call on Mac computers without needed the user's permission. In January, another flaw allowed hackers drop in on Zoom calls. And even this week, Zoom reluctantly confessed that video calls aren't end-to-end encrypted, contrary to what Zoom's website says. That means that Zoom meeting data is encrypted between a user and Zoom's servers - not between users.
What that means for users
While there should be no interruption in the day-to-day use of the Zoom app, having your data and information exposed even in the most minor way can lead to an increased risk of identity theft. Whether it's an exposed email address or hackers dropping in on your call, cyber criminals can use the information they find to do anything from open accounts under your name or make unauthorized purchases. With an increased amount of time spent online as we turn to the internet to conduct business, stay in touch, read the news, and so much more, it's a great time to invest in one of the best identity theft protection services. For extra security and privacy, try one of the best VPN services.