Popular video conferencing app Zoom is in trouble once again. According to an online report a security bug has been found in the app. As reported by Vice, Zoom is leaking users’ data such as email addresses, user photos and is also allowing some users to start a video call with strangers. The report suggests that the issue exists in Zoom’s ‘Company Directory’ setting, which automatically adds other people to a user’s contact list if they have signed up using an email address and share the same domain. This feature helps in finding a specific college to call. However, many of the Zoom users have complained that they have signed up using their personal email address and Zoom has pooled them with thousand of other users which exposed their personal information to strangers.
A Zoom user Barend Gehrels wrote in an email to Motherboard, “I was shocked by this! I subscribed (with an alias, fortunately) and I saw 995 people unknown to me with their names, images and mail addresses."
Geherls also shared a screenshot of him logged into Zoom with 1,000 different people. He said these were "all people I don't know of course." He also mentioned that his partner was also facing the same issue.
A Zoom spokesperson said to Vice in a statement, “Zoom maintains a blacklist of domains and regularly proactively identifies domains to be added. Zoom also directed Vice to a support page where users can request to have domains blacklisted. Zoom doesn’t group “publicly used domains including gmail.com, yahoo.com, hotmail.com, etc.”
Recently, a report by Motherboard revealed that Zoom (iOS version) was sending user data to Facebook. The app was sharing the user’s time zone and city with
Facebook whenever they open the app along with the device details. After learning about the report, the company was quick to act on it. Zoom released an update in which it removed the code which sent user data to Facebook.
According to a blog post by Zoom CEO Eric S Yuan, Zoom implemented its “Login with Facebook” feature using Facebook’s software development kit (SDK) for iOS. On March 25th, the company says it was made aware “that the Facebook SDK was collecting device information unnecessary for us to provide our services,” according to the post.