More than 15,000 private Zoom meetings leaked online: Details here
Zoom, the video conferencing service that shot to fame in light of the COVID-19 pandemic, is drawing flak for leaking private meetings of its users. A recent investigation by The Washington Post discovered thousands of Zoom meeting recordings on the open web, waiting to be accessed and viewed by anyone. Here's all you need to know about it.
As many may already know, Zoom offers its users an option to record meetings and save them either to their computer or to the Zoom cloud. The feature seems handy, but if these recordings are not handled with caution, they could easily end up in the public domain. And, that is what seems to have happened in this case.
As Zoom uses "an identical" naming convention while saving recordings, the folks at The Washington Post, when alerted by a security researcher, were able to utilize it for running a scan of unprotected Amazon Web Services (AWS) buckets. This revealed more than 15,000 Zoom meetings, including those involving private business discussions, casual conversations, therapy sessions, orientations, elementary school classes, and nudity.
In addition to the cloud servers, Zoom meeting recordings were also exposed through video streaming platforms like YouTube and Vimeo. Basically, a simple search for the Zoom label throws dozens of private meetings, which carry sensitive information about the participants, their business, their plans, and whatnot. This could easily threaten the privacy of thousands of people, if not more.
While having thousands of private virtual meetings on the open web is a major threat, it is worth noting that there's no one party to blame here. Zoom's fault was that it named the recordings in the same way, making it possible to access them easily, while the users' fault was that they did not handle the clips appropriately and uploaded them publicly.
Zoom has been notified about the leak, but there's no clarity on whether these videos would be removed or the company would change its naming convention. The company has, however, issued a statement that only clarifies that participants are notified when a host begins recording and urges the public to be very careful while uploading the recorded clips anywhere else on the internet.