Coronavirus lockdowns have pushed Zoom to its limits exposing a series of severe security cracks that have gone overlooked for years. The video-conferencing service has today announced it’s pulling out all the stops to patch them. In a lengthy blog post, its CEO Eric S. Yuan announced that the company is freezing development on new user-facing features to exclusively focus on privacy improvements over the next 90 days.
Yuan also put a number on Zoom’s coronavirus surge. He revealed that the video-conferencing software has sustained nearly a 1900% growth and now hosts 200 million daily meeting participants (both free and paid), up from 10 million from December last year.
“We have strived to provide you with uninterrupted service and the same user-friendly experience that has made Zoom the video-conferencing platform of choice for enterprises around the world, while also ensuring platform safety, privacy, and security. However, we recognize that we have fallen short of the community’s – and our own – privacy and security expectations. For that, I am deeply sorry, and I want to share what we are doing about it,” he added.
But that surge has come at a cost. In the past few weeks, security researchers have discovered a range of alarming vulnerabilities inside Zoom’s infrastructure. The California-based company was also found lying about its end-to-end encryption which meant its employees, if wanted, could access your video meetings. On top of that, Zoom was hit by a class-action lawsuit and is under scrutiny by the office of New York’s attorney general, Letitia James over its data-collection practices.
To deal with this avalanche of security issues, Zoom is enacting a feature freeze and relocating all of its “engineering resources to focus on our biggest trust, safety, and privacy issues.” This essentially means you likely won’t see any major user-facing updates from it at least in the next three months. It’s also promising to be more transparent and “preparing a transparency report that details information related to requests for data, records, or content.”