Popular video-conferencing Zoom is leaking personal information of at least thousands of users, including their email address and photo, and giving strangers the ability to attempt to start a video call with them through Zoom.
The issue lies in Zoom’s “Company Directory” setting, which automatically adds other people to a user’s lists of contacts if they signed up with an email address that shares the same domain. This can make it easier to find a specific colleague to call when the domain belongs to an individual company. But multiple Zoom users say they signed up with personal email addresses, and Zoom pooled them together with thousands of other people as if they all worked for the same company, exposing their personal information to one another.
Last week, it updated the iOS version of its app after Motherboard found it was sending analytics data to Facebook. On Monday a user filed a class action lawsuit against Zoom for the data transfer. On the same day the New York Attorney General sent a letter to Zoom asking what security measures the company had put in place as the app has sky-rocketed in popularity.