Zooms CEO, Eric S. Yuan, apologized in a blog post about the concern raised by the aforementioned situation. He stated that Zoom users privacy is extremely important to the company and that they have therefore decided to remove Facebooks SDK from the iOS app. Additionally, he said that the information, sent to Facebook, did not include names, notes, attendees or any meeting-related information, but data about devices OS and some technical specifications.
Now, a new report by Motherboard draws our attention back to Zooms security and privacy. This time, its Zooms Company Directory feature, which allows users to have access to contacts with the same custom domain name, for example in a company environment when users share a domain. However, the company failed to realise that some custom domain names are used for personal accounts and people ended up with a lot of unknown email addresses added to their contact list.
@zoom_us I just had a look at the free for private use version of Zoom and registered with my private email. I now got 1000 names, email addresses and even pictures of people in the company Directory. Is this intentional? #GDPR pic.twitter.com/bw5xZIGtSEJeroen J.V Lebon (@JJVLebon) March 23, 2020
Screenshot of the leak
A Zoom spokesperson stated that the aforementioned Dutch ISP domains are now blacklisted and will no longer appear in the Company Directory feature. Additionally, users are able to submit a request for other custom domains to be removed from Zooms website.
SUBSCRIBE TO OUR NEWSLETTER!