Zoom takes action after meeting IDs leak in careless screenshots

The video-conferencing app Zoom has been updated to remove the display of meeting IDs from its title bar, after a series of high profile privacy blunders by those sharing screenshots of their online meetings.

UK Prime Minister Boris Johnson caused much shaking of heads when he shared a screenshot on Twitter of a Zoom meeting he had with what he described as his “first ever digital Cabinet”, days before he was admitted to a hospital’s intensive care unit with a COVID-19 infection.

Johnson’s tweeted screenshot contained various details that might have been wiser to keep secret, including the meeting’s ID number.

Fortunately the sensitive meeting was protected with a password, but it still seems unwise to share such a piece of information.

The UK Prime Minister is not the only one to have inadvertently shared the meeting ID of their conference, as many millions more computer users have embraced such services for the first time.

For instance, Belgian MP Michael Freilich shared a screenshot of a parliamentary defence committee having a video conference.

It may have seemed harmless enough to him, but close examination of the MP’s shared screenshot revealed not only the meeting ID but also the password.

Freilich later claimed that the image had only been shared after the meeting had finished, and that future video conferences would take place using different credentials, but it still seems sloppy to unnecessarily share such information.

If a Zoom meeting is not properly secured, and its ID falls into the hands of mischief-makers, there is always the risk that it may fall foul of Zoom-bombing attacks where uninvited gatecrashers play pornographic content or act abusively to see what reaction they can generate.

Recent announcements by Zoom suggest that in the last week or so it has seen the light and recognised that it needs to take security and privacy concerns more seriously than it has done historically.

As well as fixing numerous flaws and vulnerabilities brought to light by security researchers in recent days, Zoom has also taken the step of removing the meeting ID from the Zoom app’s title bar on Windows, Mac, and Linux.

It’s just a minor, cosmetic change but an important one – especially as so many organisations and individuals seem keen to demonstrate via social media how they are continuing to do business – albeit virtually via video-conferencing apps rather than physically face-to-face.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Graham Cluley. Read the original post at: