Zoom, the increasingly popular video calling service, appears to be leaking data like a pasta drainer According to a new report, Zoom users' email addresses and photos are being made public, allowing strangers to initiate video calls with anyone
The news comes from Vice, which points out that there is a problem with Zoom's default settings, often making everyone using the same email domain registered in the "company directory" and visible to each other
Many new Zoom users may not know about this setup, but before COVID-19 changed life as we know it, Zoom was primarily a corporate tool
To find the Company Directory setting to disable this feature, Zoom users with paid accounts canhttps://zoomus/account/im/settingを開いてください。
Zoom is a major webmail providers are excluded to try to prevent problems with this feature:
By default, Zoom's contact directory only contains email addresses that use the same account or are from the same domain (gmailcom, yahoocom, hotmailcom, etc) using the same organization's internal users in the [Company Directory] section, except for commonly used domains
You may also use this Zoom page to submit your email domain for an exemption
This nifty user-sorting idea runs into problems when encountering webmail domains that are not widely known Vice saw this problem occur with the Dutch ISP domains xs4allnl, ddsnl, and quicknetnl Zoom We spoke to user Barend Gehrels, who saw this problem on the Dutch ISP domains xs4allnl, ddsnl and quicknetnl
Free users still seem to be affected, even though they do not have access to Zoom's Company Directory settings
According to Twitter user @JJVLebon, he "registered with a private email" and "got 1000 names, email addresses, and even pictures of people in the company directory" The user used the hashtag #GDPR to highlight the privacy threat
Hopefully, Zoom will change this system soon, as Zoom has become the app that stay-at-home people use to communicate with others I too have used Zoom to take yoga classes online And while we can put this away as a niche issue, it is one that we need to opt-in to, rather than rushing to opt-out
And one more thing: don't share screenshots of your Zoom meeting IDs online British Prime Minister Boris Johnson learned this lesson when he tweeted the photo below, but did not cut out the nine-digit ID number used by Her Majesty's Cabinet:
Comments