Connect with us

Hi, what are you looking for?

Tech & Science

How Zoom came to expose thousands of recordings (Includes interview)

According to The Washington Post, thousands of Zoom cloud recordings have been exposed on the web because of the way Zoom names its recordings. What appears to have happened is that the recordings have been posted onto unprotected Amazon Web Services (AWS) buckets, which means it becomes possible to find the videos through an online search.

In a statement, Zoom (quoted by The Hill) said it “provides a safe and secure way for hosts to store recordings” and provides guides for how users can enhance their call security.”

And then followed with a warning: “Should hosts later choose to upload their meeting recordings anywhere else, we urge them to use extreme caution and be transparent with meeting participants, giving careful consideration to whether the meeting contains sensitive information and to participants’ reasonable expectations.”

Some of the exposed videos included training orientation for workers doing telehealth calls. Looking into the issue for Digital Journal, Chris DeRamus of DivvyCloud picks up on the issue in the context of the expansion in homeworking: “Amid the global pandemic, companies and individuals alike have been hastily adjusting to remote operations and increasingly utilizing digital communication platforms such as Zoom for work and personal use cases.”

DeRamus notes further: “As such, Zoom’s daily users have increased almost 2,000 percent in the past four months. However, this rapid adoption of Zoom has unearthed the discovery of personal Zoom videos left viewable on the open web, discoverable through simple online searches.”

In terms of the implications, DeRamus says: “With personally identifiable data as well as work and intimate conversations exposed, bad actors now have the ability to exploit this information and launch phishing attacks or other scam campaigns against Zoom users.”

There are general lessons that can be drawn from this, DeRamus explains: “Companies that hundreds of millions of global customers are relying on for business continuity and/or personal communications during this challenging time, must have stringent security measures in place. Every saved recording must require a unique file name that is not identical to any other recording, especially given that these files can be saved openly on the web in misconfigured public storage buckets. Negating necessary security steps will put the personal privacy and sensitive data of Zoom’s users at risk.”

As to what needs to happen next, DeRamus recommends: “Due to the current crisis and subsequent increase in demand for their product, Zoom may have had no choice but to speed up efforts and in doing so, made the tough choice between innovation and security leading to the resulting data breach. Had they been leveraging an automated security strategy however, they would have never had to make that choice.”

Furthermore, the analyst suggests: “The reality is that companies can accelerate innovation without loss of control in the cloud by leveraging automated security strategies that grant the ability to enforce policy, provide governance, impose compliance, and provide a framework for the processes developers should follow—all on a continuous, consistent basis. As a result, companies can innovate while maintaining security, they simply must adopt the proper cloud strategies and solutions.”

In related news, Popular Zoom Video Communications is facing a privacy suit for allegedly disclosing personal data to third parties without full user consent, according to Nasdaq.

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:


The Supreme Court is attempting to undermine the federal regulatory state established by Congress.


Worshippers from across the world have packed the streets of Mecca as Islam's holiest city prepares to host the biggest hajj pilgrimage.


Rescuers warned Monday that hope of finding survivors was diminishing after an avalanche set off by the collapse of an Italian glacier.


The city is still living in slow motion, even though Russian troops withdrew from the outer northern and northeast suburbs three months ago.