Zoom apologizes over security and privacy issues, freezes new features to focus on fixes

Meeting3
Meeting3 (Image credit: Zoom)

What you need to know

  • Zoom has apologized to users after a swathe of privacy and security concerns were uncovered in its service.
  • It is going to freeze new features for 90 days whilst it focuses on fixing these issues.
  • Zoom says that its user figures have rocketed to more than 200 million people daily in March.

In a blog post, Zoom CEO Eric S. Yuan has apologized to its users for falling short of the community, and its own privacy expectations, vowing to freeze all new features for 90 days whilst it works on fixing issues.

In the statement he said:

For the past several weeks, supporting this influx of users has been a tremendous undertaking and our sole focus. We have strived to provide you with uninterrupted service and the same user-friendly experience that has made Zoom the video-conferencing platform of choice for enterprises around the world, while also ensuring platform safety, privacy, and security. However, we recognize that we have fallen short of the community's – and our own – privacy and security expectations. For that, I am deeply sorry, and I want to share what we are doing about it.

By way of background, he notes that Zoom was built primarily for enterprise customers who have their own full IT support, and that "thousands of enterprises" have done "exhaustive security reviews of our user, network, and data center layers and confidently selected Zoom for complete deployment."

Zoom does however admit:

However, we did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.

Zoom says that consumer use cases have "helped us uncover unforeseen issues with our platform", and that "dedicated journalists and security researchers have also helped to identify pre-existing ones." It says it takes these issues "extremely seriously" and is looking into "each and every one of them as expeditiously as we can."

It refers users to training it has offered regarding using Zoom, and also identified what it has done regarding several issues recently raised. It has also published a separate post explaining end-to-end encryption on its service, again apologizing for confusion:

While we never intended to deceive any of our customers, we recognize that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it. This blog is intended to rectify that discrepancy and clarify exactly how we encrypt the content that moves across our network.

In response, Zoom has stated it will freeze new features immediately for a period of 90 days, rededicating resources to "better identify, address, and fix issues proactively." CEO Eric S. Yuan will also hold weekly webinars on Wednesdays at 10 am PT to provide updates on this to the community.

You can read the full post, including more detail on measures Zoom is taking regarding security here.

In recent days concerns have been raised over Zoom bugs on macOS regarding the installation process, Facebook data sharing and a company directory feature that exposed the personal data of thousands.

It's been a rocky few weeks for Zoom, it can however now be praised for admitting its failings and taking the necessary steps to make it right.

Stephen Warwick