Video conferencing platform Zoom has now agreed to pay a fine of $86 million (£61.9 million) in order to settle a privacy lawsuit in the US, which claims the company shared user data with Facebook, Google, and LinkedIn and was responsible for allowing hackers to disrupt meetings in a practice known as Zoombombing.
The platform, which became many people’s go-to way to communicate with friends, family, and colleagues during the COVID-19 pandemic, grew sixfold to almost 500,000 customers in 2020 as more people were forced into national or regional lockdowns.
This lawsuit against the company was first filed in March 2020 and claims that Zoom failed to safeguard the personal information of its users – misstating that it used end-to-end encryption (as Zoom itself could access the audio and video of meetings). It also sent analytics to companies without explicitly asking for consent or stating this was the case in its privacy policy.
Information shared included when the app was launched, which device was being used, location data, and phone carrier – all of which can be used to provide more targeted advertising to users. The company later removed code from its iOS app to stop it sending data to Facebook.
In terms of other security flaws, the company has repeatedly come under fire for enabling unauthorised guests to crash meetings and cause problems, a process that became known as Zoombombing. In April 2020, for example, a virtual Chipotle event was disrupted when a hacker entered the meeting and broadcast pornography to hundreds of attendees. The platform has also been under scrutiny for vulnerabilities that allowed an attacker to remove people from meetings or force them into calls without their knowledge.
In response, the platform denied any wrongdoing but has stated it will bolster its security practices – although in a statement the company said “The privacy and security of our users are top priorities for Zoom, and we take seriously the trust our users place in us”.
The preliminary settlement is still yet to be approved by the courts but, i9f successful, would require Zoom to give its staff specialised training in data handling, make it easier for users to understand who can see, save, and share Zoom users’ information, as well as alerting users when hosts or participants use third-party apps in meetings.
In addition, subscribers involved in the class action will be eligible for 15% refunds on their core subscriptions, or $25, whichever is larger. Zoom users who did not pay for a subscription can submit a claim for $15. It is estimated that Zoom earned around $1.3 billion in subscriptions from these class action participants in total, according to the settlement documents.
Another hearing on the case is set for October 2021.
Are you a fan of Zoom and, if so, why? Or are you a current user who is worried about their cybersecurity policies? Let us know in the comments section. And, if you have any questions or other technology queries, please tweet us at @techtroublesho1.
Tech Troubleshooting 