Skip to main content

Daily life has changed a lot since the pandemic started. Because face-to-face interactions aren’t possible for so many of us, we’ve turned to videoconferencing for work meetings, school, catching up with our friends, even seeing the doctor.

When we rely on technology in these new ways, we share a lot of sensitive personal information. We may not think about it, but companies know they have an obligation to protect that information.

The FTC just announced a case against videoconferencing service Zoom about the security of consumers’ information and videoconferences, also known as “Meetings.” The FTC claimed that Zoom failed to protect users’ information in a variety of ways:

  • Zoom said it provided end-to-end encryption — a way to protect communications so only the sender and the recipient can see it — for Zoom Meetings. It didn’t.
  • Zoom said it secured Meetings with a higher level of encryption than it actually provided.
  • Zoom told users who recorded a Meeting that it would save a secure, encrypted recording of the meeting when it ended. In reality, Zoom kept unencrypted recordings on its servers for up to 60 days before moving them to its secure cloud storage.
  • Zoom installed software, called ZoomOpener, on Mac users’ computers. This software bypassed a Safari browser security setting and put users at risk — for example, it could have allowed strangers to spy on users through their computer’s web cameras. Or hackers could have exploited the vulnerability to download malware onto — and take control of — users’ computers. If users deleted the Zoom app, the ZoomOpener remained, as did these security vulnerabilities. Zoom could re-install the app without the user’s permission and without letting them know. (Apple removed the ZoomOpener web server from users’ computers in 2019.)
  • Zoom didn’t give users the straight scoop about the ZoomOpener software. Zoom said the software was a bug fix, but didn’t tell users that it would be installing a web server that would circumvent a privacy and security safeguard, or that the software would remain on their computers even after they had deleted Zoom.

Zoom agreed to settle the charges brought by the FTC. Though Zoom has now discontinued many of the practices challenged in the complaint, the settlement puts your security top of mind for Zoom. It requires Zoom to live up to its privacy and security promises and to put in place a comprehensive security program designed to protect your information for many years to come — or pay big fines.

Check out our consumer tips to see how you can stay safe while video conferencing. And if you use video conferencing as part of your business operations, see Video conferencing: 10 privacy tips for your business.

Search Terms
consumer privacy
Topics
Identity Theft and Online Security
Online Privacy and Security

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

Marc Tickner
November 09, 2020
Thank you very much for your work.
Carmen
November 09, 2020
My desk computer was hacked after numerous Zoom meetings when the first quarantine in California ( I am a teacher), and now I thinking about it was because the vulnerability of Zoom on this situation. The criminals got my bank-credit card information and used and robbed me. So sad.
MAnthony
November 09, 2020
Thank you for your oversight.
Ernel
November 09, 2020
Sounds pretty good to me
Tensie
November 09, 2020
Our Zoom meetings have a password and an user code, but when I launch the link it does not require me to input the password. Also, I received a popup on my last Zoom meeting call saying to upgrade to Zoom 5.0. Was this legitimate?
Mooz01
November 10, 2020
I have used Zoom various times for doctor appointments. church services. Health Insurance conference calls did not know what I’ve said during these moments that would compromise my security.
Dmoppert
November 20, 2020
I don't use a computer I use my phone don't have a computer
Myruu
July 24, 2021
What should I do if a zoom meeting was recorded while credit card details were being entered?
Return to top