Wednesday, April 15, 2020

Zoom Security…Or Lack Thereof



The Zoom conference platform has experienced explosive growth in the last few months and a stressful expansion to meet the needs of all their new customers.  They have made many improvements to security, including upgrading their encryption. 

Imagine my surprise when I saw this NBC headline this morning.  “Passwords and email addresses for thousands of Zoom accounts are for sale on the dark web.”  “Zoom users who reuse the same passwords from other accounts can face on ugly unintended consequence.”

“Many of the email addresses listed had been part of previous data breaches, which are often sold and repacked on hacker forums.”  To me, this says that the original breach occurred a while back before they made the recent improvements.

Alex Stamos, the former chief security officer at Facebook, currently an NBC News contributor, and currently advising the Zoom CEO on security, was quoted in the article:  “This happens to every company every single day,” he said. “It’s only because Zoom is in the spotlight that anyone in the media is even paying attention.”

The entire article is here:  https://www.nbcnews.com/tech/security/passwords-email-addresses-thousands-zoom-accounts-are-sale-dark-web-n1183796

What does this mean for us

I will continue to use Zoom for exercise and church and even Genies meetings.  We’ll still have a Zoom practice this Friday and our monthly meeting next Monday.  I will use a waiting room and admit only people I know. 

At Zoom I used a very strong password and I changed it this morning.  You should know that to be a participant you don’t need an account.  If you have a Zoom account, just consider if you need it and assess the risk you think it brings.

Definitely consider how strong your other passwords are.   A few years ago a similar breach happened at a lesser-known genealogy site.  The only people who had problems were the ones who used the same password at Ancestry. 

The biggest warning I hear is don’t repeat your passwords at multiple sites.  We know this but we don’t do it.  There is a balance between security and convenience and we have to find it. 

Hope to see you soon. 
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)