A privacy expert found that thousands of personal Zoom videos – containing company financial info, therapy sessions, school children classes and even nudity – were left viewable and searchable by anyone on the internet. 

The revelation comes as millions across the US flock to the video call platform to conduct business because of coronavirus pandemic social distancing orders and lockdowns.

The increase in usage – reported by Zoom to have been 200million users in March, compared to 10million in December 2019 – has led to increased scrutiny of the platform’s security measures, as hackers and trolls have started to target Zoom users.  

A security expert found thousands of private Zoom video call videos had been saved without passwords and posted for viewing and download on online storage clouds (file image)

RELATED ARTICLES

Previous

1

Next

Facebook takes on Zoom with new standalone desktop Messenger… Surgeon General tells Americans how to make their own ‘cloth…

Share this article

Share

The Washington Post reported that the videos included adult’s names and phone numbers, one-on-one therapy sessions, telehealth training sessions and small business financial meetings, while also revealing elementary school-age children’s faces, voices and personal details.  

At least one video featured nudity, when an aesthetician used the platform to teach students how to perform Brazilian waxes. 

The videos were uncovered by privacy-software Disconnect’s chief technology officer, Patrick Jackson, who found them while using a free online search engine that digs through open cloud storage space. He then flagged the issue with the newspaper. 

‘This was stuff I didn’t feel good watching, and I doubt all of the people here know these videos are public,’ he said. 

It’s believed the videos were recorded through Zoom and then saved – password-less – onto a separate online storage space, like Amazon buckets or uploaded to YouTube and Vimeo. 

The videos revealed user names and phone numbers, included business financial information, nudity, virtual classrooms filled with school children and therapy sessions

Zoom CEO Eric Yuan said Wednesday that the platform was being used with unexpected frequency and in ways the company hadn’t intended, creating new security challenges it was working to fix 

The videos were then searchable online and available to watch or download because the videos were saved using an identical naming convention. 

Jackson found more than 15,000 videos during one search of recordings using the naming convention.  

Although Zoom does not record video calls by default, it does allow call hosts to record them and save them to either Zoom’s servers or computers, bdavn [https://www.bdavn.com] without consent of participants. 

Participants are, however, notified that a recording has been initiated.  

Several people whose videos were found online told the Washington Post that they didn’t know how their Zoom calls wound up on the internet. 

The owner of dog-training company Peace of Mind Canine, Jack Crann, told the newspaper that his call, which included private financial details ‘was a meeting for us, and shouldn’t be put out for the public.’ 

Meanwhile, Ruth Schwartz, the director of LGBTQ relationship-support group Conscious Girlfriend, was said to be alarmed by the fact that videos of group sessions were available to watch online. 

Although she has now protected the Zoom videos, she worries about other support groups like hers, which may unknowingly have their private sessions posted online for public viewing. 

‘It’s a really important wake-up call,’ Schwartz said. ‘Social connection is one of the biggest predictors of mental and physical health … It’s so important for all of us who do this kind of sensitive work to take the precautions to protect our communities.’  

Zoom told the Washington Post that they ‘urge’ users to ‘use extreme caution and be transparent with meeting participants, giving careful consideration to whether the meeting contains sensitive information and to participants’ reasonable expectations.’ 

A former NSA hacker told TechCrunch on April 1 that he had found two new flaws in the Zoom app, which allowed hackers to hijack users’ webcam and their microphone. 

It had previously been revealed that platform bugs allowed hackers to steal Windows passwords and compromise security on Macs and that code in the app had allowed  users’ personal data to be disclosed to third parties, including Facebook.

On April 3, DailyMail.com reported exclusively that Zoom CEO Eric Yuan, 50, along with several senior executives sold millions of dollars’ worth of their shares. 

The stock trades were revealed on the heels of news that two lawsuits had been filed against Zoom by users alleging breaches in privacy and also that the company is currently being investigated by the New York Attorney General and the FBI. 

The emerging privacy concerns and security issues have blipped on Congress’ radar, leading to 19 House Democrats asking Zoom for details on its data-collection and recording rules. 

In a blog post on Zoom’s website, Yuan said Wednesday that the company’s platform was being used far more now, suddenly, than the company had originally anticipated. He said the platform was also being used in a number of ‘unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.’

He also said that the company would be ‘shifting all our engineering resources to focus on our biggest trust, safety, and privacy issues’ over the next three months.   

Read more:

– The Washington Post

TechCrunch is now a part of Verizon Media

A Message to Our Users – Zoom Blog

Excellent teacher for both piano and voice!

Cynthia Dougherty Thompson / Parent

Wonderful voice teacher! Great experience for my daughter.

Nancy Baker Vaught / Mother

My 6 year old son is flourishing under Larisa's instruction. He loves going every week and is really motivated to work on his own. I give Larisa my strongest recommendation!

Tim Peterson / Parent