Zoom is Leaking Peoples' Email Addresses and Photos To Strangers

Popular video-conferencing Zoom is leaking personal information of at least thousands of users, including their email address and photo, and giving strangers the ability to attempt to start a video call with them through Zoom. From a report: The issue lies in Zoom's "Company Directory" setting, which automatically adds other people to a user's lists of contacts if they signed up with an email address that shares the same domain. This can make it easier to find a specific colleague to call when the domain belongs to an individual company. But multiple Zoom users say they signed up with personal email addresses, and Zoom pooled them together with thousands of other people as if they all worked for the same company, exposing their personal information to one another.

Re: Some critical information missing here...

[Åke Malmgren]

So it's a leak with an optional plug. A little better, but not good.

Oh Boris

[tradica]

That Meeting ID :/ --- https://twitter.com/BorisJohnson/status/1244985949534199808 [twitter.com]

Re:

[ZuckFucker]

That Meeting ID :/ --- https://twitter.com/BorisJohnson/status/1244985949534199808 [twitter.com]

What a dumbass,

Is this growing pains or emulating Facebook model?

[Anonymous Coward]

Is ZOOM trying to become the FB of Video conferencing? Automatically connecting everyone to everyone without regard for privacy or customer desires.

I hope Clearview AI is not a partner of Zoom.

Re:

[Anonymous Coward]

You can always "Just Say No". For example, I do not permit this sort of ill-conceived crap on or near my computer or secure network. If you don't like that, that is too bad for you. Just because there are flocks of idiots using this crap does not mean that I will be one of them. If you wish to communicate with me you may do so by e-mail or by voice telephone. If that is not sufficient for you, to bad for you.

Re:

[tepples]

I am between jobs, and a prospective employer wants to interview me through Zoom. I have already passed a phone screening. What do you recommend that someone in a position like mine say to this employer in order to encourage the employer to continue communicating "by e-mail or by voice telephone" instead of dismissing me with "sorry, we decided to go with another candidate and wish you luck on your job search"?

Re:

[mattr]

Hurry up and use zoom. The fact you are asking this question and contemplating pedantically “guiding” a prospective employer tells everyone not to hire you.

Re:

[mce]

Two replies:

1) I have a customer (a large US corporation known world wide) who insisted for years that we use zoom for all conferences. I did not like that, as it often gave me audio problems, but hey, when the CEO is known to be super arrogant, often so behaves the company as a whole. Earlier this week, they suddenly changed their mind and dropped zoom like a brick because of all the security issues. If you were to tell them now that you would like to use zoom, one likely response will be a lecture about

This should count as a date breach

[FeelGood314]

Even if it was done intentionally out of stupidity it is still a breach. Your email address needs some protection against general spam, your email name + user name + the fact that you are a zoom user definitely qualifies. It should have been an opt-in to share your information with others in your domain by making it the default this company intentionally gave up private information. They should be fined a token amount just so we can say this is wrong. If they don't have it fixed in a week they need to be fined a significant amount.

Re:

[nospam007]

"Even if it was done intentionally out of stupidity it is still a breach. Your email address needs some protection against general spam"

Only morons give their real email to sign up for something, that's why the throwaway email servers exist and if they block these, just create a Gmail address just for that purpose that you only use for that.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[BeerFartMoron]

Zoom's rapid rise in popularity could come at a cost. Zoom sued for allegedly sharing users' personal data with Facebook [cbsnews.com]

Zoom Video Communications is facing increased scrutiny over customer privacy this month as New York's top prosecutor is probing the suddenly popular teleconferencing company's security practices during the coronavirus work-from-home movement . Zoom also is being sued in California for allegedly giving users' personal data to outside companies including Facebook without fully informing customers that's the case.

Zoom's software reported to Facebook whenever a Zoom user logged on for a conference call, a lawsuit filed Monday stated. After a user logged on, Zoom gave Facebook the person's customer information, including what device a person used to access Zoom, the device's model and the device's unique advertising identifier.

"The unique advertising identifier allows companies to target the user with advertisements," the lawsuit states. "This information is sent to Facebook by Zoom regardless of whether the user has an account with Facebook."

Re:

[fgouget]

Given that the users are in the Netherlands and that this is a feature rather than a hack means it is a GDPR violation [wikipedia.org].

So I guess

[93 Escort Wagon]

Zoom thought several million people worked for Comcast or Charter Cable?

Out of left field...

[The-Ixian]

I had never heard of Zoom before a few years ago and now it seems they are a dominant player in the virtual meeting space.

When did this happen? Why is everyone talking about Zoom now when there have been other, bigger (at the time) players in the game with better features?

Thinking WebEx, GoToMeeting, Skype/Teams, etc

Re:

[shilly]

They're still there but they're mainly enterprise-focused. Zoom was SME focused and then consumer too. Skype is kind of an exception (and FaceTime too)

Re:

[Lonng_Time_Lurker]

Turns out you don't really need that many features to be a video chat player. Then hipsters liked them. Now they're cool.

Re:

[flyingfsck]

Zoom has excellent video conferencing - that is what made it take off.

Re:Out of left field...

[dHagger]

I have both looked at and tried a few different systems, and what makes Zoom stand out is that it is fairly reliable, easy to use, allows inviting people without an account - and works equally well for everything from just two people chatting up to large enterprises integrating it with video conferencing rooms. Skype starts to choke on groups larger than a few people, Teams is designed for companies with their AD in Azure cloud, WebEx was way too buggy last I tried it - and so on. But with the disregard for privacy that Zoom has shown lately, I wish there were some good alternatives.

Re:

[Xylantiel]

The fact that Zoom's software actually works, compared to webex and skype, is sadly a big deal. Their features and interface are also largely stable. Skype seemed to have a different interface every time I used it for a few years and WebEx seems to have suffered from major feature-creep. Seems kind of obvious that just making your software work well is really important.

I actually lament the fact that every videoconferencing solution is an attempt to lock you into their own platform. Why is it that I c

Re:

[mtmra70]

Actually, Webex Meetings is one of the few that offers full support for everything:

-Browser join
-App join
-PSTN join (call-in or call-back)
-SIP join (call-in or call-back)
-h.323 join (call-in)

If you look at MS Teams, Zoom, GoToMeeting, Google Meet, etc. Most either charge for some of those features as add-ons (Zoom wants $$ for SIP/h.323) or just don't offer them natively (MS Teams/Google Meet requires a 3rd party in order to support SIP video).

Everyone always says "Webex was buggy the last time I tested". T

Re:

[flyingfsck]

The feature that made them rise in popularity, is that their video conferencing works very well. Being easy to install on Linux, Windows and Mac also helped a lot, since many users have a Windows machine at the office and a Mac at home. The third reason for popularity is that the security of Zoom is primitive, so governments can easily snoop on it.

Seriously?

[ZuckFucker]

What retarded comp-sci drop out made this fucking service? They deserve to be sued out of existence just for leaking people's confidential teleconferences with their doctors, lawyers, and others. Then they pull this shit too?

Clearly Zoom didn't see this coming

[kwelch007]

Not saying it's right...obviously Zoom screwed up, but it goes to show that they had blinders on for the Corporate market and never expected to be part of the Social Media circle.

Fuck it

[AndyKron]

Who's going to jail for this? Nobody? Fuck it. Just FUCK IT.

Posted Links

[cygnusvis]

Cant wait till students post lecture links online for scumbags to troll

WebApp

[cygnusvis]

Zoom has a full feature web app with no login or email required. If people installed the Zoom spyware on their PC this is the result.

Re: WebApp

[xushi]

Had *.

Didnâ(TM)t they remove it last year?

Chatroulette

[awwshit]

Its a new Chatroulette, except this version has a static preview.

phone number leak

[gyepi]

There is also no option to hide your phone number from your profile if you used your phone's Zoom app to log in once. This is very disturbing since now my private phone number is displayed for my students. I contacted Zoom about this twice already, but they didn't even bother to reply.

Hardly a Zoom Leaking more like poor programming.

[marriagematching]

This is hardly like Zoom leaking people's data, it is more a case of poor setup due to domain related issues of the email addresses. All based on Zoom wanting to help people connect, just poorly executed as they are unable to know everything about every domain.