Just yesterday, we talked about the fact that Zoom, a popular video conferencing application due to widespread self-isolation and quarantine, has been criticized by the media and information security experts. Now, the journalists of the publication Vice motherboard discovered a new problem in Zoom: it turned out that users with email addresses located in the same domain are automatically added to each other's contact lists, which is why strangers call people.
The problem lies in setting up the Company Directory, which was created to simplify the search for colleagues if the email domain belongs to a particular company. However, many users used personal mailing addresses for registration and eventually found thousands of people in their contacts, because the application considered that they all work in the same company and disclosed their personal data to each other.
"I was shocked! I went in (fortunately, using a pseudonym) and saw 995 people unknown to me with their names, photos and mailing addresses, ”one of the affected users, Barend Gehrels, told the publication. He notes that his partner had the same problem with another email provider: more than 300 strangers appeared in her contacts.
“If you enter Zoom with a non-standard email provider (I mean, not Gmail, not Hotmail, not Yahoo, and so on), then you will see ALL logged-in users of this provider: their full names, email addresses, profile picture (if any) ) and current status. And you can make them a video call. ”
Gerels says that he encountered this problem using the Dutch mail providers xs4all.nl, dds.nl and quicknet.nl. Journalists report that judging by social media posts, many users from the Netherlands have already encountered such a bug, and last weekend the XS4ALL provider already wrote, which, unfortunately, will not be able to help its users with this problem.
Representatives of Zoom, who contacted the publication, said that the company regularly updates the lists of domains associated with the Company Directory function, and the providers listed in Vice Motherboard are now blacklisted. That is, their users will no longer see hundreds of strangers in their contacts. The developers also noted that the application website has special sectionwhere you can apply for the exclusion of other domains from the Company Directory.