Skip to main content

Zoom agrees to pay whopping settlement fee over ‘zoombombing’ and privacy

Zoom, the company behind the popular videoconferencing software of the same name, has agreed to pay $85 million to settle a lawsuit regarding its privacy and security practices.

The suit was brought by users who accused California-based Zoom of sharing their data with third-party companies such as Facebook, Google, and LinkedIn without permission, as well as lax security that led to so-called “zoombombing” incidents where trolls would suddenly drop shocking images or other distasteful content into meetings.

The settlement, announced on Saturday, still needs the approval of U.S. District Judge Lucy Koh in San Jose, California, but assuming it goes through, Zoom customers can expect to receive a 15% refund on a portion of their subscription fee or $25, whichever is greater. Zoom subscribers outside of the suit could receive a payment of up to $15.

Besides the payment, the terms of the settlement also require Zoom to put in place more robust security measures and provide Zoom employees with special training geared toward improving privacy measures and data handling, Reuters reported.

A number of class-action complaints were brought against Zoom in the spring of 2020 over zoombombing incidents and alleged malpractice. Zoom tried to persuade the court to throw out the suits, and while the U.S. District Court for the Northern District of California agreed to dismiss some, it consolidated the remaining ones into a single lawsuit at the center of the agreement announced at the weekend.

Commenting on the case, Zoom said, “The privacy and security of our users are top priorities for Zoom, and we take seriously the trust our users place in us.”

Highlighting a series of software updates issued last year in a bid to block zoombombing attacks, as well as changes that it made to address privacy and security concerns, the company added, “We are proud of the advancements we have made to our platform, and look forward to continuing to innovate with privacy and security at the forefront.”

Before the pandemic, Zoom’s videoconferencing software, which launched in 2012, was largely confined to the workplace. But as a rapid spread in coronavirus infections in early 2020 forced many people to stay home, Zoom downloads quickly went off the charts, with millions around the world using it not only for remote working, but also to stay in touch with friends and family. The sudden uptick in users appeared to take the company by surprise, with the increase in demand exposing software vulnerabilities while at the same time shining a light on its broader operations.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more