Thousands of private Zoom video recordings exposed online

The exposed Zoom videos can be found on unprotected swathes of Amazon storage space, known as buckets, and have even been uploaded onto sites like YouTube and Vimeo. — AFP

Thousands of Zoom video call recordings have been left exposed on the open web, according to a report by The Washington Post.

Among some videos that the news outlet sighted included personal therapy sessions, company business meetings involving private financial records, and online classes where schoolchildren's details were visible to anyone viewing the recordings.

The report stated that the videos can be viewed and downloaded through a "simple online search" because Zoom video recordings are named in an identical way, making it all too easy for anyone so inclined to download and view thousands more such videos.

The report also claimed that the videos may have been recorded through Zoom's own software and stored onto separate online storage space without passwords, and that the leak does not affect videos that remain with Zoom’s own system.

To be clear, Zoom videos are not recorded by default, but those hosting video calls can choose to record them and save to either Zoom servers or their own computers without participants’ consent. However participants apparently will receive a notification when a host starts to record, according to the report.

Privacy software company Disconnect's technology chief Patrick Jackson, who is also a former researcher for the US National Security Agency, alerted the news outlet about the exposed Zoom video recordings, saying he believed that Zoom could "do a better job" at reminding users to protect their videos.

He also suggested that the company change the naming convention of the videos to make them "harder to find".

Jackson shared that he found the videos though a free online search engine that scans open cloud storage space online. Using Zoom's default naming conventions, one search for such recordings yielded more than 15,000 results.

The videos can be found on unprotected sections of Amazon storage space, also known as "buckets", and have even been uploaded onto sites like YouTube and Vimeo. According to the Washington Post's article, "Amazon buckets are locked down by default, but many users make the storage space publicly accessible either inadvertently or to share files with other people."

On a recent Twitter post where he shared a link to the Washington Post article, Jackson urged other users to "only record video calls if you absolutely need to and always secure them wherever they're hosted".

The company has since issued a statement urging users to be careful of where they save their Zoom videos and also to be mindful of the information that is recorded in the videos.

Zoom said that it “provides a safe and secure way for hosts to store recordings” and provides guidelines on how users can enhance their call security.

“Should hosts later choose to upload their meeting recordings anywhere else, we urge them to use extreme caution and be transparent with meeting participants, giving careful consideration to whether the meeting contains sensitive information and to participants’ reasonable expectations,” the company said in a statement to The Washington Post.

Video conferencing app Zoom has seen a surge in popularity with users who are staying home due to Covid-19.

Chief executive officer Eric Yuan claimed that Zoom has reached "more than 200 million daily meeting participants" in March, compared to the maximum 10 million daily meetings participants reported in 2019.

However, it has also recently been plagued with security issues such as 'Zoombombing', where virtual intruders hack into video meetings to spam users with pornographic images or offensive slurs.

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 18
Cxense type: free
User access status: 3

Zoom , Data Privacy , WFH , Zoombombing


Did you find this article insightful?


91% readers found this article insightful

Next In Tech News

Slack’s CEO is back in the passenger seat after Salesforce deal
Flipkart’s digital payments firm PhonePe to raise US$700mil from existing investors
HDFC Bank ordered by RBI to suspend new digital products on outages
IBM warns hackers targeting Covid vaccine ‘cold chain’ supply process
Facebook-backed Libra Association changes its name to Diem
New Samsung earbuds design closer to older Buds models
Rights for US gig workers are a political issue now, but many of them can’t vote
US woman reports catching intruder while recording dance video
Report: Amazon in talks to buy podcast publisher Wondery
Sources: US states plan to sue Facebook next week

Stories You'll Enjoy