Save big now! Microsoft has Surface Laptop 3 discounted by $400

  • Forums
  • Shop
  • Best Laptops
  • Best Graphics Cards
  • Best Motherboards
  • Best Antivirus
  • Best VPN
  • Dell XPS 13 Deals
  • PC Parts Deals
this is not fine.gif

Zoom's 'Company Directory' feature pooled thousands of personal email addresses, exposing user data

Zoom's privacy and security is not really inspiring much confidence, is it?
Stephen Warwick
1 Apr 2020

Zoom App Source: Bryan M. Wolfe/iMore

What you need to know

  • Zoom has a 'Company Directory' feature which pools users of the same domain name, making it easier to find colleagues if you work in the same company.
  • However, countless users are saying that their personal email addresses have been pooled with thousands of random people.
  • Personal data including full names, mail addresses, profile picture and statuses were all shared with strangers.

The dumpster fire that is Zoom's security and privacy practices continues to rage after it emerged that Zoom's 'Company Directory' feature pooled thousands of strangers together, exposing personal data.

According to a report from Motherboard

Popular video-conferencing Zoom is leaking personal information of at least thousands of users, including their email address and photo, and giving strangers the ability to attempt to start a video call with them through Zoom.

The issue lies in Zoom's "Company Directory" setting, which automatically adds other people to a user's lists of contacts if they signed up with an email address that shares the same domain. This can make it easier to find a specific colleague to call when the domain belongs to an individual company. But multiple Zoom users say they signed up with personal email addresses, and Zoom pooled them together with thousands of other people as if they all worked for the same company, exposing their personal information to one another.

The report cites users who created Zoom accounts and were met with the information of some 995 other people they had never met or heard of, including their names, images and mail addresses.

Zoom LeakSource: Motherboard

The above screenshot provided to the initial report shows an instance of the 'Company Directory' feature, and how it pooled together hundreds of random users. The report notes that on Zoom's website, it explains the directory feature as follows:

"By default, your Zoom contacts directory contains internal users in the same organization, who are either on the same account or who's email address uses the same domain as yours (except for publicly used domains including gmail.com, yahoo.com, hotmail.com, etc) in the Company Directory section."

However, as Vice has noted, Zoom seems to have forgotten about a few personal domains, notably several Dutch ISPs and their domains, xs4all.nl, dds.nl, and quicknet.nl. On Twitter, the found other instances of Dutch users reporting the issue.

@zoom_us I just had a look at the free for private use version of Zoom and registered with my private email. I now got 1000 names, email addresses and even pictures of people in the company Directory. Is this intentional? #GDPR pic.twitter.com/bw5xZIGtSE

— Jeroen J.V Lebon #UEMFirst :wq (@JJVLebon) March 23, 2020

The revelation is another extremely unnerving blunder in Zoom's privacy and security practices, that have been exposed recently since the app's surge in popularity, driven by global social distancing measures.

VPN Deals: Lifetime license for $16, monthly plans at $1 & more

In the last week alone it has emerged that Zoom's calls are not end-to-end encrypted despite several claims that they are, that Zoom was previously sending user data to Facebook even if they didn't have Facebook accounts, a flaw it has rectified and that Zoom uses a "very shady" pre-installation protocol for macOS, the same kind used by macOS malware to bypass macOS security.

It's important to note that as mentioned, this does not affect users with common email addresses such as Gmail, Yahoo or Hotmail accounts, however, Zoom appears to have missed enough personal email domains such that thousands of users have had their personal data shared with strangers.

GroupMe may finally get video and voice calls to compete with WhatsApp
Move over Skype

GroupMe may finally get video and voice calls to compete with WhatsApp

Microsoft may finally realize GroupMe has a lot of potential. The group messaging app is popular on US college campuses and smaller organizations, but it may pick up voice and video calls, at least according to a recent user survey.

Hey Sony, it's time for Bloodborne to come to PC
To Yharnam!

Hey Sony, it's time for Bloodborne to come to PC

PlayStation CEO Jim Ryan recently announced that more PlayStation exclusives are coming to PC in the near future. Here's why Bloodborne should be on the list.

Job listings suggest the Surface Duo 2 could feature 5G and a better camera
Duo take two

Job listings suggest the Surface Duo 2 could feature 5G and a better camera

Multiple job listings from Microsoft discuss a Surface Duo with 5G support and an improved camera. Many of the listings have since been taken down, but a few remain up that hint at what a Surface Duo 2 could look like.

Complete list of apps supported by NVIDIA RTX Voice
Tune out the noise with Voice

Complete list of apps supported by NVIDIA RTX Voice

NVIDIA RTX Voice can remove the background noise from your streams, voice chats, and video conferences. Here are all the Windows apps with official NVIDIA RTX Voice support.

Keep in Touch

Sign up now to get the latest news, deals & more from Windows Central!

I would like to receive news and offers from other Future brands.

I would like to receive mail from Future partners.

No spam, we promise. You can unsubscribe at any time and we'll never share your details without your permission.

  • News
  • apps
  • Windows 10
  • Laptops
  • Surface
  • Reviews
  • Gaming & Xbox
  • How To
  • Forums
  • Deals
  • PC Components

Other Categories

  • About Us
  • Licensing and Reprints
  • Advertise
  • Newsletter
  • Windows Central Merch
  • Accessibility Statement
  • Android Central
  • iMore
  • CrackBerry
  • Thrifter
  • TechnoBuffalo
  • MrMobile
Log in or Sign up
  • t
  • f
  • p
  • i
  • r

Brightness

  • © Future US, Inc.
  • Terms & Conditions
  • Privacy Policy
  • Cookie Policy
  • Careers
  • Licensing
  • External Links Disclosure
  • Accessibility Statement
  • © Future US, Inc.
  • Terms & Conditions
  • Privacy Policy
  • Cookie Policy
  • Careers
  • Licensing
  • External Links Disclosure
  • Accessibility Statement