• Zoom has become the video conferencing service of choice for hundreds of thousands of people since the coronavirus pandemic forced employees all over the world to work from home.
  • Zoom offers high-quality video and many useful features, but the number of privacy concerns surrounding the app have continued to mount.
  • In a new report, Motherboard reveals that Zoom is leaking private information of thousands of users to strangers, and giving those strangers the ability to call other users they don’t know.
  • Visit BGR’s homepage for more stories.

Few services have been bigger beneficiaries of the coronavirus pandemic than Zoom. As millions of workers from all over the world were suddenly forced to work from home, and friends and family had to cancel their plans to meet up, video conferencing became the tool of choice for long-distance communication.

Of the countless video conferencing services available on mobile and desktop, few could match Zoom when it came to the quality of the calls and the number of features the service offered. But we are now learning that there is a price to pay (beyond the monthly subscription fee) for using Zoom.

Last week, Motherboard reported that Zoom’s iOS app was sending analytics data to Facebook even if the user didn’t log into Facebook or didn’t have a Facebook account. Not only was there no way to opt out of this behavior, but Zoom also didn’t mention that data would be sent to Facebook in its privacy policy. Thankfully, Zoom removed the Facebook SDK from its app shortly after the report was published, but it’s beginning to look like Facebook was just the tip of the iceberg for Zoom’s privacy issues, of which many more have sprung up in recent days.

In Motherboard’s latest report concerning Zoom, the publication reveals that the video conferencing service is leaking email addresses and photos of thousands of users, as well as letting strangers attempt to call them.

As Motherboard explains it, Zoom has a “Company Directory” setting that automatically adds other people to your list of contacts if you signed up with an email address sharing the same domain. Though this sounds like a useful tool for coworkers who don’t want to have to manually add each other, some users are reporting that they have been grouped with thousands of strangers after signing up with their personal email addresses.

“I was shocked by this! I subscribed (with an alias, fortunately) and I saw 995 people unknown to me with their names, images and mail addresses,” Zoom user Barend Gehrels told Motherboard. The user sent Motherboard a screenshot of the “Company Directory” section of the app, which was filled with hundreds of random names. “If you subscribe to Zoom with a non-standard provider (I mean, not Gmail or Hotmail or Yahoo etc), then you get insight to ALL subscribed users of that provider: their full names, their mail addresses, their profile picture (if they have any) and their status. And you can video call them,” Gehrels added.

Here’s what Zoom says on its website: “By default, your Zoom contacts directory contains internal users in the same organization, who are either on the same account or who’s email address uses the same domain as yours (except for publicly used domains including gmail.com, yahoo.com, hotmail.com, etc) in the Company Directory section.”

The problem is, as Gehrels noted, that not every personal email domain is being exempted. While Zoom does give users the option to submit a request to have a domain removed from the Company Directory feature, not everyone is going to find it, and the requests are “experiencing longer wait times than normal.”

Jacob started covering video games and technology in college as a hobby, but it quickly became clear to him that this was what he wanted to do for a living. He currently resides in New York writing for BGR. His previously published work can be found on TechHive, VentureBeat and Game Rant.