In response, Zoom Chief Executive Officer (CEO) Eric Yuan said in a blogpost the same day, that in its haste to support the vast number of users it was adding, the company failed to fully implement its usual geofencing best practices. “However, in February, Zoom rapidly added capacity to our Chinese region to handle a massive increase in demand. In our haste, we mistakenly added our two Chinese data centres to a lengthy whitelist of back-up bridges, potentially enabling non-Chinese clients to — under extremely limited circumstances — connect to them,” he said.
The blogpost also said that the error had no impact on its Zoom for Government Cloud, a separate cloud service for government customers. Several Indian enterprises and even government meetings take place on Zoom.
Coupled with these revelations and earlier privacy concerns, including sharing user data with LinkedIn and Facebook and ‘Zoombombing’, where people can enter Zoom meetings uninvited and share hate speech or pornographic images, the San José-based company has lost clients like Tesla and the New York City Department of Education.
In India, however, as Zoom gains popularity, there hasn’t been any large-scale impact; a large number of businesses and governments continue to use the platform.
The Indian Computer Emergency Response Team (CERT-In) put out an advisory on March 30 about ‘secure usage of Zoom videoconferencing application’, detailing the steps users should take to ensure their data remains protected.
“There is nothing as such that we have done. We checked with Zoom and they assured us that Indian data is not being sent to Chinese servers,” said a government official.
which use Zoom extensively for meetings have been telling their employees to be more careful with the use of the software. A large firm in the information technology sector has been sending emails to its employees educating them on the proper and safe use of Zoom.
experts, however, say that for more sensitive meetings, users should consider moving to alternative, more secure applications. “I recommend using other end-to-end encrypted video platforms to ensure privacy. Also, I would not recommend free software for sensitive or private meetings. For example, Cisco’s Webex, Signal, etc ensure the maximum level of security by adjusting the platform’s settings. To avoid being ‘Zoombombed’, users should avoid sharing the link or meeting ID on social media or other public websites,” said Manan Shah, founder and CEO of cybersecurity
firm Avalance Global Solutions.
Rajshekhar Rajaharia, an independent cybersecurity
researcher, said Zoom passwords for private meetings can also get indexed on Google. He cautioned users that while starting a meeting on Zoom, one should not share an invitation URL that is already having a password. “You can share a meeting ID and password separately because people can misuse the URL or they may be indexed by Google. Previously invitations to WhatsApp group chats were being indexed by Google,” he said.