Shareholders have accused Zoom Video Communications of hiding security flaws in its app amid a wave of 'Zoombombing' incidences being reported globally, a complaint filed in a San Francisco federal court revealed.
Zoombombing occurs when an uninvited guest enters an insecure chat (not password-protected) to post pornographic or offensive material to harass users.
— Wendy N. Davis (@wendyndavis) April 7, 2020
Shareholder Michael Drieu filed the class action lawsuit, citing public disclosures of shortcomings in the app have hit Zoom's stocks, despite shares remaining up 67 percent in 2020 and increased usage amid the coronavirus pandemic.
Numerous organisations, including Tesla Inc, the New York City Department of Education and others, have begun banning Zoom over security concerns, with Taiwan being one of the first governments to ban use of the popular app, Bloomberg reported.
Zoom chief executive, Eric Yuan, apologised to users in an April blog post, stating that the company had "fallen short of the community’s – and our own – privacy and security expectations
— Zoom (@zoom_us) April 2, 2020
Zoombombing had been attributed to hackers exploiting vulnerabilities in the app, including weak encryption algorithms, to spy on meetings or control machines, according to researchers
He said in a follow-up post on the company's encryption policy: "Zoom has always strived to use encryption to protect content in as many scenarios as possible, and in that spirit, we used the term end-to-end encryption. While we never intended to deceive any of our customers, we recognize that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it."
To date, Zoom's paid and free services have skyrocketed from 10m in December last year to 200m, according to company figures.