Zoom founder promises to remedy security, privacy concerns during a ‘feature freeze’

The company is working to address security and privacy issues raised in recent days about its teleconferencing platform.
Zoom teleconference
(Image courtesy of Zoom)

Zoom’s founder says the company behind the popular videoconferencing app will spend the next 90 days focused on fixing security issues.

In a blog post Thursday, Zoom founder Eric S. Yuan said the technology firm is enacting a “feature freeze,” in which employees will turn their attention from enhancing usability toward tightening data protection. The announcement comes as the number of daily Zoom users has skyrocketed to 200 million users in March, up from 10 million in December, as much of the world’s workforce moves to remote work amid the COVID-19 pandemic.

The update from the San Jose-based company comes after the FBI issued a public warning about “Zoombombing,” in which white supremacists and other unauthorized outsiders have hijacked teleconferences. In some cases, internet trolls have disrupted online classes to shout profanities at teachers.

Zoom also was hit with a class-action lawsuit in which users claimed the company was sharing their data with Facebook in violation of California privacy law.


Meanwhile, cybersecurity researchers have probed Zoom technology to find a number of vulnerabilities. In one case this week, a researcher determined that attackers could exploit Zoom to access users’ webcam and microphones, in the unlikely event that hackers had physical access to a victim’s computer.

Zoom quickly fixed the webcam and microphone issue and is working to prevent unnecessary data sharing, Yuan said in the blog post. The company has also issued a fix for a Universal Naming Convention link issue that could have allowed attackers to steal passwords from people using Zoom’s Microsoft Windows client.

The company founder went on to apologize for failing to meet users’ expectations around privacy and data security issues. Zoom intends to begin deploying security processes like penetration testing, bolstering an existing bug bounty program, and sharing information about best practices with security executives in an attempt to fend off attacks, Yuan said.

The company also is preparing a transparency report detailing law enforcement requests for Zoom users’ data, he said, acknowledging a practice already widely in use among Silicon Valley firms.

In recent weeks, Yuan said, the company has prioritized keeping Zoom operational and user friendly amid a period of exponential growth.


“We have strived to provide you with uninterrupted service and the same user-friendly experience that has made Zoom the video-conferencing platform of choice for enterprises around the world, while also ensuring platform safety, privacy, and security,” he said.

“[W]e recognize that we have fallen short of the community’s – and our own – privacy and security expectations,” he added. “For that, I am deeply sorry[.]”

Shannon Vavra

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.

Latest Podcasts