Home>Tech
The videos include private business discussions, casual friend conversations, therapy sessions, and, yes, nudity.
ByJack Morse on
Uh, not good.Credit: Vicky Leta / mashable
Your boss may not be the only one secretly replaying your Zoom meetings.
Thousands of recorded Zoom meetings are floating around the open web — available for anyone to watch. The exposed video calls include private business discussions, casual friend conversations, therapy sessions, and, yes, nudity, and many appear to have been made public by mistake.
The news, reported by the Washington Post, is yet another privacy blow in a long line of privacy blows to Zoom. At issue is the file-naming convention used by Zoom to label recorded meetings. It is unique enough that security researcher Patrick Jackson, who alerted the Post to the issue, found 15,000 examples when he ran a scan of unsecured cloud storage.
Related Video: Zoom’s newfound popularity is being exploited by hackers during coronavirus pandemic
But you don't even need to look that hard, as a quick search for the Zoom file name on YouTube, Google, and Vimeo by Mashable revealed scores and scores of recorded calls.
One such video, clearly not intended to be uploaded, included what appeared to be a therapist speaking to his patient. The two discussed the patient's thoughts about self harm, among other incredibly sensitive topics. It was posted online Friday.
Now, it's important to note that these meetings were uploaded — perhaps mistakenly, in some cases — by someone who initially had access to them. Zoom allows paid users the ability to save recordings to the cloud (i.e. Zoom's servers). Those video recordings aren't the ones exposed on the open web. Rather, recordings saved to someone's computer, and then later uploaded, are what's at issue today. For example, someone may accidentally upload their own private Zoom conversation to the internet, be that a therapy session or a call with a friend. Then there are the businesses that automatically upload recorded Zoom meetings to a private server, but may have misconfigured the server in such a way that it's not actually private. Someone who accesses the server can then download those recordings (which all have the same file name) as they please.
Mashable Light Speed
Want more out-of-this world tech, space and science stories?
Sign up for Mashable's weekly Light Speed newsletter.
By signing up you agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
However, just because it's the users who screwed up doesn't let Zoom off the hook. As is the case with frequently unsecured Amazon S3 buckets, if the design of a system leads thousands of people to make the same mistake then perhaps there's a failure of design — or at least of communication.
Notably, Zoom lets its users know that recordings of their calls will all have the same default file name. That this could turn out to be problematic clearly didn't occur to anyone at the company.
SEE ALSO: Forget Zoom: Use these private video-chatting tools, instead
Like the Washington Post, we are choosing not to link to the Zoom page detailing the file format, and choosing not to specify what it is in an attempt to preserve some — albeit small — element of people's privacy.
We reached out to Zoom for comment but received no immediate response. Hopefully, the company is busy notifying customers that their files are easily searchable on the open web.
In the meantime, if you're concerned about your privacy, trying using a Zoom alternative — or at the very least don't let anyone record a sensitive meeting.
UPDATE: April 3, 2020, 11:48 a.m. PDT: In an emailed statement, a Zoom spokesperson made clear that users should exercise "extreme caution" when uploading recorded Zoom meetings to the internet.
The statement, in full:
Zoom notifies participants when a host chooses to record a meeting, and provides a safe and secure way for hosts to store recordings.Zoom meetings are only recorded at the host's choice either locally on the host's machine or in the Zoom cloud. Should hosts later choose to upload their meeting recordings anywhere else, we urge them to use extreme caution and be transparent with meeting participants, giving careful consideration to whether the meeting contains sensitive information and to participants' reasonable expectations.
Recommended For You
Tesla Model 3 Performance is here. Here are 5 things that make it great, and 3 drawbacks.
Tesla's quickest ever Model 3 is now available for purchase.
By Stan Schroeder
The case for Tesla without Musk
Cybertruck: stalling. The stock: falling. The CEO: appalling. Why his gamble may cost him more than a $50 billion payday.
By Chris Taylor
Mercedes-Benz beats Tesla to selling Level 3 autonomous cars in the U.S.
Notably, it's very limited autonomous driving.
By Stan Schroeder
Tesla cuts FSD price, ditches Enhanced Autopilot
Teslas are getting cheaper in many ways.
By Stan Schroeder
Tesla cuts prices after massive Cybertruck recall
The Model Y is currently sitting at the cheapest price it's ever been.
By Chance Townsend
Trending on Mashable
Spacecraft approaches metal object zooming around Earth, snaps footage
"Pics or it didn't happen."
By Mark Kaufman
NYT Connections today: See hints and answers for April 28
Everything you need to solve 'Connections' #322.
By Mashable Team
Wordle today: Here's the answer and hints for April 28
Here are some tips and tricks to help you find the answer to "Wordle" #1044.
By Mashable Team
NYT Connections today: See hints and answers for April 27
Everything you need to solve 'Connections' #321.
By Mashable Team
NASA's Voyager is in hostile territory. It's 'dodging bullets.'
Beware, Voyager.
By Mark Kaufman
The biggest stories of the day delivered to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up. See you at your inbox!
- TECH
- SCIENCE
- LIFE
- SOCIAL GOOD
- ENTERTAINMENT
- BEST PRODUCTS
- DEALS
- About Mashable
- Contact Us
- We're Hiring
- Newsletters
- Sitemap
Mashable supports Group Black and its mission to increase greater diversity in media voices and media ownership. Group Black's collective includes Essence, TheShadeRoom and Afro-Punk.
©2005–2024 Mashable, Inc., a Ziff Davis company. All Rights Reserved.
Mashable is a registered trademark of Ziff Davis and may not be used by third parties without express written permission.
- About Ziff Davis
- Privacy Policy
- Terms of Use
- Advertise
- Accessibility
- Do Not Sell My Personal Information