Zoom’s copious shortcomings with regard to protecting the privacy of those who use its video conferencing app allowed for “uninvited men” to join a Texas woman’s burlesque and pole dancing class, a proposed class action lawsuit claims.
Echoing a number of other cases against the San Jose company, the 24-page lawsuit alleges Zoom Video Communications, Inc. has effectively fallen short in every way when it comes to protecting user data and providing safe, secure video conferencing. Despite touting that its platform was secure and private—not to mention encrypted end-to-end—Zoom has failed to prevent bad actors from joining meetings without authorization, accessing web cameras surreptitiously and accessing thousands of recorded meetings stored online, the complaint claims.
Moreover, in light of Zoom’s apparent privacy vulnerabilities, the suit alleges the company has actively shared information with third parties, including Facebook, without disclosing such to users.
As daily usage of its video conferencing platform has soared during the novel coronavirus pandemic, Zoom has acknowledged the importance of privacy and security for users who reasonably expect that their data and communications will be safeguarded, the case says. Among its assurances, Zoom has claimed its platform was encrypted end to end with 256-bit AES encryption while boasting that such is in line with the safeguards relied upon by healthcare and governmental bodies, per the complaint.
Notwithstanding the defendant’s “unequivocal representations” of the strength of its data protection, Zoom’s video conferencing platform is far less secure than users have been led to believe, according to the lawsuit. In addition to lacking end-to-end encryption, Zoom can potentially bypass Mac security systems, allowing third parties to enable and access a user’s webcam and launch into a meeting without authorization, the case says. Further, Zoom’s “lax security protocols” have caused thousands of non-password-protected recorded meetings to be viewable on the internet, according to the complaint.
The lawsuit was filed by an Austin dance studio owner whose business was closed as a result of Texas’ shelter-in-place order. In mid-March, the plaintiff bought a Zoom license and began providing practice sessions for clients online, per the lawsuit. Prior to signing up with Zoom, the suit says, the plaintiff researched Zoom’s security features, learning that the platform purportedly featured end-to-end encryption and cloud recording.
After the plaintiff started using Zoom, however, “uninvited men” turned up for some of her classes and began “intimidating and harassing” clients, the lawsuit alleges. According to the case, the plaintiff had to cancel a session on at least one occasion due to the disruptions.
“As a result, several of [the plaintiff’s] students have refused to join more classes because of their fear over future incidents. [The plaintiff’s] business has suffered as a result,” the lawsuit reads. “[The plaintiff] continues to pay for Zoom, but she continues to worry about Zoom’s security flaws.”
The case claims the plaintiff would not have paid for a Zoom license had she known of the platform’s security vulnerabilities.
The lawsuit looks to cover everyone in the United States who has used Zoom Meetings, as well as a subclass comprised of those who have bought one or more Zoom Meetings plans.
ClassAction.org’s coverage of COVID-19 litigation can be found here and over on our Newswire.