Zoom is reportedly leaking users’ email addresses and photos and giving strangers the ability to start a video call with them.
This latest report comes from Vice, and indicates that there is a flaw in Zoom’s ‘Company Directory’ setting. The setting adds other people to a user’s list of contacts if they made an account with an email address that shares the same domain.
The setting is supposed to make it easier for people to find their coworkers within the same company. However, several Zoom users are reporting that they signed up with a personal email address and that Zoom grouped them together with thousands of other people.
By being grouped together, their personal information has been shared with thousands of people who are now able to call them.
A Zoom user told Vice that they were able to access 995 people’s names, images and email addresses after they were pooled together with other users.
Zoom blocked the domain after Vice contacted it about the issue. The company notes that it “maintains a blacklist of domains and regularly proactively identifies domains to be added.” It should be noted that most popular domains, such as Gmail and Outlook, are already blocked.
There is also a section on the Zoom website that allows users to request other domains to be blocked by the ‘Company Directory’ feature.
It seems that as Zoom gains popularity amid the COVID-19 pandemic, issues around the platform are coming to the surface. For instance, last week, Vice noted that Zoom was sending analytics data to Facebook. The platform had to then update its iOS app in response to the issue.
Lawmakers in the U.S. have asked the platform to implement security measures as its popularity continues to surge.
Image credit: Zoom