Zoom Settles Privacy Lawsuit in California for $85 Million

Sophie Webster, Tech Times 01 August 2021, 11:08 am

Zoom has agreed to settle a lawsuit in California over security and privacy. The company offered $85 million and had promised the court that it would update its services to improve its policies to end the case.

Zoom Settles Privacy Lawsuit

The video chat company was accused of giving the personal information of its users to third-party companies without the user's consent. The sharing of user data with Facebook and preventing hacks from happening were also an issue.

The US District Court filed the class-action lawsuit for the Northern District of California in 2020.

As of July 31, Zoom has updated the press of its decision to get out of the legal fight by paying compensation and promising it will change the features of its service.

According to Bloomberg, the video chat company agreed to pay $85 million to the state. This is a surprising move considering it refused to pay users after FTC filed a lawsuit against Zoom last year for end-to-end encryption lie that began in 2016.

The current settlement includes $25 million that will be given to Zoom subscribers covered by the lawsuit, and the $15 million will be given to those who cannot submit a paid subscription claim.

Also Read: Is Zoom Safe? Teleconferencing App Sued For Allegedly Selling User Info to Facebook

Zoom will be required to improve its privacy features. However, the company did not reveal the exact details of the changes.

The settlement is not final yet, as it still needs approval from the US District Judge Lucy Koh before it can get finalized.

Security Vulnerabilities

In April 2020, a security researcher discovered two vulnerabilities in its macOS client. The coronavirus pandemic has fueled the use of Zoom despite its weak security and questionable privacy features.

Since the number of Zoom users skyrocketed, local governments and hackers are raising concerns about the video chat platform.

Patrick Wardle, a former hacker and researcher for the National Security Agency, revealed two security vulnerabilities in the latest version of the app.

The first vulnerability is the way that Zoom installs itself on a Mac. It takes advantage of the installation process, which is done without any user interaction. A piece of malware or a user with low-level privileges can get root access to a computer.

The second vulnerability allows a local user or piece of malware to ride on Zoom's camera and microphone permissions. A hacker can put malicious code into the process space of Zoom.

The code can get the camera and microphone permissions, allowing hackers to hijack a call without the user's knowledge.

While hackers can exploit these vulnerabilities by physically accessing a computer, they are usually more common and challenging to prevent.

Aside from the security flaws, the video chat platform also caught flack for its privacy practices. In March 2020, Motherboard reported that the Zoom for iOS app sent off user data to Facebook, even if the user does not have an active Facebook account.

While Zoom has since removed the said feature, California had opened an investigation into the company, and the lawsuit began.

According to CBC News, the lawsuit, which is recently settled, alleges that the company did not clarify its data-sharing practices to its users. This mirrors the lawsuit that a shareholder filed last year accusing Zoom of not disclosing its practices.

This means that the users did not have any knowledge of what was done to their personal information.