Technology
Thousands of private Zoom videos are online for anyone to watch
Your boss may not be the only one secretly replaying your Zoom meetings.
Thousands of recorded Zoom meetings are floating around the open web — available for anyone to watch. The exposed video calls include private business discussions, casual friend conversations, therapy sessions, and, yes, nudity, and many appear to have been made public by mistake.
The news, reported by the Washington Post, is yet another privacy blow in a long line of privacy blows to Zoom. At issue is the file-naming convention used by Zoom to label recorded meetings. It is unique enough that security researcher Patrick Jackson, who alerted the Post to the issue, found 15,000 examples when he ran a scan of unsecured cloud storage.
But you don’t even need to look that hard, as a quick search for the Zoom file name on YouTube, Google, and Vimeo by Mashable revealed scores and scores of recorded calls.
One such video, clearly not intended to be uploaded, included what appeared to be a therapist speaking to his patient. The two discussed the patient’s thoughts about self harm, among other incredibly sensitive topics. It was posted online Friday.
Now, it’s important to note that these meetings were uploaded — perhaps mistakenly, in some cases — by someone who initially had access to them. Zoom allows paid users the ability to save recordings to the cloud (i.e. Zoom’s servers). Those video recordings aren’t the ones exposed on the open web. Rather, recordings saved to someone’s computer, and then later uploaded, are what’s at issue today. For example, someone may accidentally upload their own private Zoom conversation to the internet, be that a therapy session or a call with a friend. Then there are the businesses that automatically upload recorded Zoom meetings to a private server, but may have misconfigured the server in such a way that it’s not actually private. Someone who accesses the server can then download those recordings (which all have the same file name) as they please.
However, just because it’s the users who screwed up doesn’t let Zoom off the hook. As is the case with frequently unsecured Amazon S3 buckets, if the design of a system leads thousands of people to make the same mistake then perhaps there’s a failure of design — or at least of communication.
Notably, Zoom lets its users know that recordings of their calls will all have the same default file name. That this could turn out to be problematic clearly didn’t occur to anyone at the company.
SEE ALSO: Forget Zoom: Use these private video-chatting tools, instead
Like the Washington Post, we are choosing not to link to the Zoom page detailing the file format, and choosing not to specify what it is in an attempt to preserve some — albeit small — element of people’s privacy.
We reached out to Zoom for comment but received no immediate response. Hopefully, the company is busy notifying customers that their files are easily searchable on the open web.
In the meantime, if you’re concerned about your privacy, trying using a Zoom alternative — or at the very least don’t let anyone record a sensitive meeting.
-
Entertainment7 days ago
‘Mufasa: The Lion King’ review: Can Barry Jenkins break the Disney machine?
-
Entertainment6 days ago
OpenAI’s plan to make ChatGPT the ‘everything app’ has never been more clear
-
Entertainment5 days ago
‘The Last Showgirl’ review: Pamela Anderson leads a shattering ensemble as an aging burlesque entertainer
-
Entertainment6 days ago
How to watch NFL Christmas Gameday and Beyoncé halftime
-
Entertainment5 days ago
Polyamorous influencer breakups: What happens when hypervisible relationships end
-
Entertainment4 days ago
‘The Room Next Door’ review: Tilda Swinton and Julianne Moore are magnificent
-
Entertainment3 days ago
‘The Wild Robot’ and ‘Flow’ are quietly revolutionary climate change films
-
Entertainment4 days ago
CES 2025 preview: What to expect