A recent investigation in the United States has shockingly revealed that thousands of Zoom meetings recorded on the platform can be viewed on the open web. These videos of personal and sensitive nature are public, which has put the security of the people involved at risk, breaching privacy and security protocols.
It appears that videos were recored via platform’s software and were saved without a password on online cloud storage. As the company has a very simple and insecure method of saving files, in which all video recordings are named in an identical way, it can expose the tread of stored videos via an easy online search.
The Washington Post was told about the existence of Zoom videos online by Patrick Jackson, a former researcher for National Security Agency and currently, technology chief of Disconnect (a privacy software company). Using a free online search engine, Jackson scanned through open online storage spaces for files saved under Zoom’s default naming convention. He easily found more than 15000 unprotected recordings of Zoom meetings in a single search. To make a bad situation worse, lots of breached Zoom clips have been uploaded on sites like Vimeo and YouTube with out the owners’ consent and knowledge.
Five people identified in the videos The Post viewed said they had no idea how the footage made its way online, the Post reports.
Although the platform informs participants when the host records a meeting, that doesn’t ensure safety of the recorded meeting once it is saved.
As Zoom is currently used at home under lockdown due to COVID-19 pandemic for personal, educational and business purposes, those videos contain personally identifiable private and confidential information of people involved. The company’s daily users number reached an impressive 200 million in March alone, as coronavirus related precautionary measures began to be enforcement strictly in the United States and around the globe.
This news pokes holes in the company’s security and privacy claims, and adds to the list of Zoom’s platforms issues like access to user’s webcams and microphones on Mac, no end-to-end encryption of video calls and Zoom trolling. A statement by Zoom said:
“Zoom provides a safe and secure way for hosts to store recordings and should hosts later choose to upload their meeting recordings anywhere else, we urge them to use extreme caution and be transparent with meeting participants, giving careful consideration to whether the meeting contains sensitive information and to participants’ reasonable expectations,”
Public access to Zoom video calls recordings on the web is a matter of grave concern for the company and its customers. User’s personal information in the wrong hands can lead to devastating consequences like blackmail, kidnapping, pornography, selling competitors secrets and more.
Eric Yuan, Zoom’s chief executive, gave an unsatisfactory explanation of the company’s inability to provide a secure platform for audio and video communication. He said:
“We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. The system’s new user base, is using Zoom in a number of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.”
In today’s world, where virtual presence is big part of everyone’s life, it is problematic for a company to say that it did not plan properly for possible security and privacy issues on its platform, and is equal to accepting incompetence.