Zoom Video Communications Hit with Class Action Lawsuit & Hacking Attacks

by Patrick Kennedy | Apr 3, 2020

Zoom, a video conferencing software application that has experienced explosive growth due to the social distancing measures introduced globally during the COVID-19 crisis, has had a class action lawsuit filed against it in the Northern District of California this week in relation to allegations that users’ information was illegally collected and shared with third parties.

It is alleged that Zoom breached the California Consumer Privacy Act as it failed to create appropriate security procedures and alert account holders in relation to what private personal information the company was going to share and what entities it would be shared with. Specifically, the complaint deals with the information that was shared by Zoom with the Facebook social media platform without clear authorization from account holders.

The class action lawsuit refers to a report published by Vice which indicates that “the (Zoom) app notifies Facebook when the user opens the app, details on the user’s device such as the model, the time zone and city they are connecting from, which phone carrier they are using, and a unique advertiser identifier created by the user’s device which companies can use to target a user with advertisements.”

An additional claim was registered stating that Zoom is violating the California Consumers Legal Remedies Act and California Unfair Competition Law, as Zoom “represented it was preventing unauthorized access and disclosure of users’ personal information when in fact it does not.” Lastly, it was alleged that privacy was breached in violation of Art. 1, § 1 of the California Constitution by not providing account holders with clear and informed consent prior to sharing personal information with third parties.

What is Zoombombing?

Zoom has proven an extremely popular medium of communication for business and personal use since the introduction of social distancing around the globe. There has been a massive rise in traffic during recent weeks and the app has been downloaded more than 50 million times from the Google Play store alone. The value of the company has also exploded upwards, jumping from $16bn to $42bn.

Zoombombing is a new attack technique in which individuals gatecrash private Zoom meetings. It is possible, in part, because users do not implement certain security settings and because the method used by Zoom to generate the random numbers for Zoom meetings is prone to brute force guessing attempts. There have been many reported cases of Zoom bombing attacks where strangers join Zoom meetings/chat sessions and cause disorder, shout hate speech, and display pornographic and racist images.

It was also recently revealed that Zoom does not have end-to-end encryption, even though the company states on its website that the platform is protected by end-to-end encryption.

Zoom Bombing Attacks on the Rise

In the United States, the FBI issued a warning which said: “The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.”

Zoom issued a statement on its corporate website addressing the concerns of account holders and attempted to reassure people that it is implementing new security measures as it attempts to deal with unexpected and rapid growth and millions of new users.

The statement reads: “We have strived to provide you with uninterrupted service and the same user-friendly experience that has made Zoom the video-conferencing platform of choice for enterprises around the world, while also ensuring platform safety, privacy, and security. However, we recognize that we have fallen short of the community’s – and our own – privacy and security expectations.”

The blog post goes on to refer to some of the steps that Zoom has taken to address privacy and security shortfalls, including additional training, tackling Zoom bombing by showing users how to use security features to prevent it, stopping automatic information sharing with Facebook, and improving transparency.

You can read the full statement here.


Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:
