Thousands of recordings of private meetings and calls held over video conferencing service Zoom have been exposed online, The Washington Post reported Friday.
The meetings were recorded through Zoom’s software and saved to different applications without passwords, enabling anyone to download and watch them.
The Washington Post found videos of therapy sessions, elementary school classes, small business meetings and recordings involving nudity.
Zoom told the newspaper that it “provides a safe and secure way for hosts to store recordings” and provides guides for how users can enhance their call security.
“Should hosts later choose to upload their meeting recordings anywhere else, we urge them to use extreme caution and be transparent with meeting participants, giving careful consideration to whether the meeting contains sensitive information and to participants’ reasonable expectations,” Zoom told the Post.
People and businesses worldwide have flocked to Zoom during the coronavirus pandemic to hold events ranging from university classes to happy hours. CEO Eric Yuan announced Thursday that the company had 200 million daily users in March, up from a maximum of 10 million daily users in December.
The company’s stock price has already increased.
But Zoom has faced a wave of security and privacy concerns as vulnerabilities were spotlighted by the spike in users.
A new phenomenon of “Zoom bombings,” in which hackers or others disrupt meetings to yell obscene comments, was so widespread that the FBI issued a warning and tips on how to boost cybersecurity protocols.
The company was also hit by a class-action lawsuit for allegedly sharing user data with Facebook and other groups without users’ consent.
In response, Yuan vowed to step up security at Zoom, including updating the company’s privacy policy. On Friday, the company announced that passwords would be enabled on all meetings beginning Sunday.
Despite the changes, Zoom continues to be under the microscope.
Rep. Jerry McNerney (D-Calif.) and almost two dozen other Democrats on the House Energy and Commerce Committee sent a letter to Yuan on Friday requesting details on how the company safeguards the privacy and security of its users.
“As consumers turn to Zoom for business meetings, remote consultations with psychologists, or even virtual happy hours with friends, they may not expect Zoom to be collecting and using so much of their information,” the lawmakers wrote.
The letter came on the heels of a letter sent to Yuan by Sen. Richard Blumenthal (D-Conn.). Blumenthal stressed that Americans “should not have to add privacy and cybersecurity fears to their ever-growing list of worries.”
States are also taking a closer look at Zoom.
Politico reported Friday that the attorneys general of Florida, New York and Connecticut are examining Zoom’s privacy practices.
In Michigan, federal prosecutors said they will consider going after Zoom bombers with charges like computer intrusion, hate crimes, fraud and transmitting threatening communications.
“You think Zoom bombing is funny? Let’s see how funny it is after you get arrested,” Matthew Schneider, U.S. Attorney for Eastern Michigan, said in a statement. “If you interfere with a teleconference or public meeting in Michigan, you could have federal, state, or local law enforcement knocking at your door.”