Thousands of Zoom cloud records have been exposed on the web due to the way Zoom names its records, according to a report by The Washington Post. The records are apparently named “identically” and many have been published to unprotected Amazon Web Services (AWS) buckets, making it possible to find them through online search.
A search engine that can browse cloud storage has generated more than 15,000 Zoom records, according to The Washington Post. Thousands of clips have also apparently been uploaded to YouTube and Vimeo. The Washington Post said he was able to post recordings of therapy sessions, directions, business meetings, elementary classes and more.
Zoom has been informed of the problem, reports The Washington Post, but it’s unclear whether the company will change the way it names videos or protect the AWS compartments where videos are hosted.
“Zoom notifies attendees when a host chooses to record a meeting, and provides a safe and secure way for hosts to store the recordings,” said Zoom in a statement to The edge. “Zoom meetings are only recorded at the choice of the host, either locally on the host machine or in the Zoom cloud. If hosts later choose to upload their meeting recordings elsewhere, we urge them to exercise extreme caution and be transparent with meeting attendees, carefully considering whether the meeting contains sensitive information and reasonable expectations. some participants. “
Zoom has undergone a thorough review of its security and privacy practices due to the large increase in the number of users while people are forced to stay at home due to the new coronavirus, and some a number of problems have been identified. Just yesterday, Zoom fixed its “malware-like” macOS installer, fixed a vulnerability in Windows, and LinkedIn suspended a Zoom integration that exposed users’ LinkedIn profiles. But the company has also committed to suspend functionality for 90 days to focus on resolving privacy and security issues.