Zoom seems to be guilty of leaking user data such as email addresses and user photos due to how the app organizes contacts that it thinks work for the same company. According to a report by Vice, it may also be allowing some users to start video calls with stranger due to this same issue.
The cause of this issue is the fact that Zoom organizes users with the same email domain into Company Directories which allow people in the same organizations to search up their coworkers with ease, start a video call with them, and see their user photos and email addresses. While this makes networking and organizing meetings on the platform much more convenient, but a flaw in the system has been grouping users without company emails into company directories as well. This means a random stranger could be given access to the personal information of everyone in a company directory, which is a huge privacy concern.
One user who encountered this issue came forward and shared screenshots of the problem with Vice. The screenshots show 995 accounts added to his company directory, many of which were not supposed to be there. A number of domains from Dutch ISPs had been given access to his company directory and after hearing about the issue, Zoom blacklisted those domains.
Zoom says it “maintains a blacklist of domains and regularly proactively identifies domains to be added”, and that it doesn’t group publicly used domains such as gmail.com, yahoo.com, etc. However, the issue still persists.
This isn’t the only time the company has faced some heat due to privacy and security issues. ‘Zoombombing” continues to effect users and other concerns such as attendee tracking have also been highlighted in the past few weeks. Although the platform provides easy to use and reliable video conferencing to millions around the globe, users should also be aware of the risks involved in using the platform.