Zoom Sued By Shareholder For Overstating Privacy Standards, Failing To Disclose Security Flaws

Zoom Video Communications, Inc. (NASDAQ: ZM) got hit with a class-action lawsuit over the privacy and security concerns that came to light as the company's video-conferencing app gained massive popularity worldwide amid the Covi-19 pandemic. Case number 5:20-cv-02353 was filed this Tuesday in the US District Court for the Northern District of California by Michael Drieu, a shareholder.

According to the court documents, Mr. Drieu claims that the company concealed the truth about its platform's security, which has come under intense scrutiny, as millions of people have started using it to work and study remotely. In just a few months, the number of daily users of the platform has skyrocketed from 10 million in December to more than 200 million in March.

The company's stock price has also seen significant movement. Zoom shares were traded at about $68 on January 1, climbing to a peak of $159 in the second half of March. Since then, however, the criticism that Zoom has faced over security and privacy issues have pushed it down to a close at $113 on April 7.

These fluctuations come as no surprise, considering the revelations that Zoom's service is not using AES-256 algorithm encryption as advertised, but an AES-128 key in electronic code book (ECB) mode instead. The weaker encryption has meant all sorts of trouble for Zoom users already, as threat actors have started exploiting it to eavesdrop on video-conferences or simply harass people, giving rise to the term ''Zoombombing''.

Several major organizations have already banned employees from using Zoom, including the New York City Department of Education and Elon Musk's space exploration company Space X.

Taiwan's government has also ordered all government agencies to move from using Zoom to Microsoft and Google video-conferencing services. The move comes after a Citizen Lab report revealed that Zoom was sending encryption keys to servers in China, a practice which the company has since stopped and apologized for.

The trouble with that, as stated in Citizen Lab's report, is that: ''Zoom may be legally obligated to disclose these keys to authorities in China,'' posing a threat to Taiwan's government, which rejects Beijing's assertion that the self-ruled island as part of its territory.

Eric Yuan, Zoom's Chief Executive Officer, publicly apologized for the company's shortcomings in a blog post last week. The company has also suspended the development of any new features for 90 days, as resources are redirected to address the privacy and security issues that have been uncovered over the course of the past few weeks.

Zoom Sued By Shareholder For Overstating Privacy Standards, Failing To Disclose Security Flaws Screenshots