A class-action suit was filed against Zoom, Facebook, and LinkedIn claiming Zoom allows the other defendants to eavesdrop on and read communications between Zoom users’ devices and Zoom’s server. Todd Hurvitz, represented by Loevy and Loevy, says Zoom users’ identities were given to third parties and Zoom falsely represented their security measures to their users.
The complaint says when the Zoom software app is installed, Facebook could access communications, particularly on Apple iOS devices such as the iPhone. “Facebook engaged in that unlawful conduct in order to gather users’ personal information and amass increasingly detailed profiles on Zoom users, which profiles Zoom and Facebook then used for their respective financial benefit,” the complaint states. It says Facebook recorded information without authorization or the participant’s knowledge and used it to create profiles for use in targeted advertising. Hurvitz also claims Zoom used the profiles to target users to attempt to convert them to paid subscriptions.
The complaint also alleges Zoom and LinkedIn provided users with personal information from other accounts even when steps were taken to keep information private. Through an integrated app called Navigator, a person could view LinkedIn details of another person in a meeting even if they were trying to hide the details. “LinkedIn engaged in this conduct in an unauthorized manner and without the meeting participants’ knowledge or consent. The meeting participants had a reasonable expectation of privacy in the communications and reasonably believed the communications were confidential,” the complaint says. It claims LinkedIn and Zoom could access the information even when Zoom users were not using the Navigator app.
The complaint says Zoom “consistently represented” that their system was secure and no information collected by Zoom would be given to third parties but alleges this claim was false. “Contrary to Defendant Zoom’s representations, Zoom did not protect users’ data using either AES-256. Rather, Zoom used weaker data protection methods that exposed users to security hazards.” The complaint cites instances where Zoom has encountered security issues in the past and claims they consistently have bad security policies and misrepresent their security features to their users. They also claim Facebook and LinkedIn have had multiple security issues in the past.
Zoom is facing other privacy lawsuits and complaints in the last month including another class-action complaint concerning security and letters from state attorneys general. In total, Zoom has been sued at least 11 times since March.