[BreachExchange] Zoom hit by investor lawsuit as security, privacy concerns mount

Destry Winant destry at riskbasedsecurity.com
Fri Apr 10 10:25:48 EDT 2020


The challenges facing Zoom continue to mount, as the company now faces
an investor lawsuit and more organizations ban the use of the video
meeting app due to privacy and security concerns. The company also
upped efforts to improve its security and privacy practices by hiring
Facebook’s former CSO as a consultant.

Zoom has seen a surge in use in recent weeks as self isolation in
response to the pandemic ramps up the demand for video software. As
its popularity has boomed – both for business and personal use – and
the company’s stock price rocketed, Zoom has come under pressure on a
number of fronts.

On Tuesday, shareholder Michael Drieu filed suit in a California
federal court, alleging that Zoom “significantly overstated” the
degree to which its platform is encrypted, failing to disclose these
“deficiencies” to shareholders.

Zoom admitted on April 1 to a “discrepancy” in its definition of
end-to-end encryption from the commonly accepted definition. Drieu
claims he and other shareholders have suffered “significant losses and
damages” due to a drop in Zoom’s share price after the admission.

It is the second recent lawsuit Zoom faces; the company is also being
sued in California for allegedly sharing user data with Facebook. Zoom
said in a March 29 blog post that it “has never sold user data in the
past and has no intention of selling users’ data going forward,” and
would remove the Facebook SDK (software development kit) from its iOS
client. That SDK, it said, was responsible for collecting device data.

More organizations ban Zoom

The list of organizations that have banned use of Zoom on security and
privacy grounds has also grown.

The U.S. Senate has reportedly directed members not to use the app,
according to the Financial Times, while the German Foreign Ministry
has banned its use on mobile devices to protect confidential
conversations, according to an internal memo seen by Reuters. And
Taiwan’s government warned against using Zoom, instead highlighting
rival options from Microsoft and Google.

More information about the BreachExchange mailing list