Report: “New York Attorney General Looks Into Zoom’s Privacy Practices”

Updates

May 11

FTC Indicates it is Looking at Zoom Privacy Woes (via Reuters)

May 7

New York Attorney General Announces Agreement with Zoom New Security Measures (via NY AG)

Zoom Buys Keybase — Its First Acquisition — as Part Of 90-Day Plan to Fix Security Flaws (via CNBC) ||| Official Zoom Announcement

April 30

Zoom Admits it Doesn’t Have 300 Million Users, Corrects Misleading Claims (via The Verge)

April 28

Warning! Fake Zoom “HR Meeting” Emails Phish For Your Password (via Naked Security) 

April 22

Zoom Grows to 300 Million Users Despite Security Backlash

Zoom Adds Data Center Routing, Security Updates (via ZD Net)

April 20

Zoom’s Security Woes Were No Secret to Business Partners Like Dropbox (via The NY Times)

April 16

Zoom Provides Progress Report on Ongoing Privacy and Security Updates

April 14

Best Practices to Secure Zoom Meetings (via ZDNet)

April 13

Over 500,000 Zoom Accounts Sold on Hacker Forums, the Dark Web (via Bleeping Computer)

April 10

Compromised Zoom Credentials Swapped in Underground Forums (via Threatpost)

Senator Elizabeth Warren and Senator Edward Markey Demand Answers from Zoom on How Company Will Protect Students’ Safety and Privacy, Send Letter to Zoom CEO

April 9

FAQ on Zoom Security Issues (via Citizen Lab, University of Toronto)

US Senate Tells Members Not to Use Zoom (via Financial Times/ars technica)

US Senate, German Government Tell Staff Not to Use Zoom (via ZDNet)

April 8 

Update on Zoom’s 90-Day Plan to Bolster Key Privacy and Security Initiatives (via Zoom Blog)

Zoom CEO Apologizes For Security Problems on Public Live Stream (via The Verge) 

Zoom Brings in Former Facebook Security Head Amid Lawsuits, Investigations (via ars technica)

Zoom Removes Meeting IDs From Client Title Bar to Boost Security (via Bleeping Computer)

Zoom Sued For Overstating, Not Disclosing Privacy, Security Flaws (via Reuters) |||Complaint Filed in Case ||| See Also: Lawsuits vs Zoom Communications (via RECAP/Court Listener)

Zoom’s Waiting Room Vulnerability (via Citizen Lab, University of Toronto)

April 5

EPIC Urges FTC to Investigate Zoom, Issue Best Practices for Online Conferencing

Interview with Zoom CEO (via CNN)

April 4

DOJ Says Zoom-Bombing is Illegal, Could Lead to Jail Time (via Bleeping Computer)

School Districts, Including New York City’s, Start Banning Zoom Because of Online Security Issues (via Washington Post) ||| Zoom Banned From New York City Schools Due to Privacy and Security Flaws (via Fast Company)

April 3

Move Fast & Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings (via Citizen Lab, University of Toronto)  ||| Update: Zoom’s Response

Thousands of Zoom Video Calls Left Exposed on Open Web (via Washington Post)

Washington to Zoom: Welcome to the Hot Seat (via Politico)

Zoom is Making a Simple Change that Could Help Prevent Unwanted Guests From Crashing Calls (via CNBC)

Zoom Video CEO Has Dumped $38 Million in Stock Since Start of 2020

Zoomed In: A Look into a Coinminer Bundled with Zoom Installer (via Trend Micro)

April 2

A Feature on Zoom Secretly Displayed Data From People’s LinkedIn Profiles (via NY Times)

Automated Tool Can Find 100 Zoom Meeting IDs Per hour (via The Verge)

Here’s How to Avoid Becoming a Victim of Zoombombing (via CNBC)

Thousands of Potential Phishing Sites Created to Target Zoom Users (via Information Age)

What Zoom Doesn’t Understand About the Backlash (via The Verge)

Zoom Boss Says Company Will Freeze Feature Updates to Address Security Issues (via News.com) ||| Full Text of Statement by Zoom CEO

Zoom Takes Lead Over Microsoft Teams as Virus Keeps Americans at Home (via Reuters)

April 1

Two Flaws in Zoom’s App For macOS Uncovered (via Threatpost)
UPDATE Zoom Quickly Fixes ‘Malware-Like’ MacOS Installer with New Update (via The Verge)

Zoom Client Leaks Windows Login Credentials to Attackers (via BleepingComputer) ||| Update: Zoom issues fix for UNC vulnerability that lets hackers steal Windows credentials via chat (via PC World)

March 31

Hackers Take Advantage of Zoom’s Popularity to Push Malware (via Bleeping Computer)

Zoom Meetings Aren’t End-to-End Encrypted, Despite Misleading Marketing (via The Intercept)

Zoom Sued for Allegedly Illegally Disclosing Personal Data (1) (via Bloomberg)

—-

From The NY Times:

Zoom, the videoconferencing app whose traffic has surged during the coronavirus pandemic, is under scrutiny by the office of New York’s attorney general, Letitia James, for its data privacy and security practices.

On Monday, the office sent Zoom a letter asking what, if any, new security measures the company has put in place to handle increased traffic on its network and to detect hackers, according to a copy reviewed by The New York Times.

[Clip]

In the letter, Ms. James’s office cited reports that Zoom had shared data with Facebook, and asked for further information on “the categories of data that Zoom collects, as well as the purposes and entities to whom Zoom provides consumer data.”

The office expressed concern that the app may be circumventing state requirements protecting student data. To help educators, the company recently expanded meeting limits on free accounts. The attorney general’s office called such efforts “laudable,” but also said the company appeared to be trying to offload consent requirements to schools.

See Also: Learn More About Zoom Privacy Concerns and “Zoombombing”
Multiple links. 

See Also: The Video Apps We’re Downloading Amid The Coronavirus Pandemic (via WEF)