Zoom Security Expert Warns of Misused Links Exposing Sensitive Data

Zoom links with embedded passcodes can be misused, exposing sensitive data. Here's how to protect your meetings.

Reddit security engineer Charan Akiri has raised concerns about the misuse of Zoom meeting links, particularly those with embedded passcodes, which can grant unauthorized access to meetings and sensitive data. Akiri, who discovered that many public Salesforce websites were leaking private data, including open Zoom meeting links, suggests several safety tips for using Zoom links.

Akiri warns that using the Personal Meeting ID (PMI) for public meetings can be risky. PMIs are permanent identification numbers linked to your Zoom account and serve as your personal meeting room. While convenient for setting up new meetings, they can compromise security if not properly protected. Anyone with your PMI link can join ongoing meetings unless the meeting is locked or the Waiting Room feature is enabled.

To enhance security, Akiri suggests not using the PMI for public meetings. Instead, he recommends requiring a passcode to join and only allowing registered or domain-verified users. Zoom offers an option to include an encrypted passcode within a meeting invite link, simplifying the process for attendees. However, Akiri cautions that if not handled responsibly, passcodes can also open meetings to unwanted intruders, especially if the link is indexed by search engines.

KrebsOnSecurity found working Zoom meeting links for several high-profile organizations, including The National Football League, LinkedIn, Oracle, Humana, Disney, Warner Bros, and Uber. Many organizations have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee.

Akiri's findings highlight the importance of responsible Zoom link management. Companies should avoid using PMIs for public meetings, enforce passcode requirements, and verify user domains. By following these tips, organizations can better protect their meetings and confidential information from unauthorized access.
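One way to check your own published content for the links described above, as an added example that is not from Akiri or Zoom: it flags Zoom URLs carrying an embedded passcode and redacts the value so the report does not leak it. It assumes the passcode travels in the `pwd` query parameter and that personal-room links use the `/my/` path; the sample text and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# http(s) URLs on zoom.us or any subdomain (e.g. example.zoom.us).
ZOOM_URL = re.compile(r"https?://(?:[\w-]+\.)*zoom\.us/[^\s\"'<>)]+", re.I)

def _rewrite_query(url, transform):
    """Rebuild url after passing its (key, value) query pairs through transform."""
    parts = urlsplit(url)
    pairs = transform(parse_qsl(parts.query, keep_blank_values=True))
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def strip_passcode(url):
    """Return the link without pwd, so the passcode can be sent separately."""
    return _rewrite_query(url, lambda q: [(k, v) for k, v in q if k.lower() != "pwd"])

def audit_zoom_links(text):
    """Return one finding per Zoom link in text, with passcodes redacted."""
    findings = []
    for match in ZOOM_URL.finditer(text):
        url = match.group(0).rstrip(".,;")  # drop trailing sentence punctuation
        parts = urlsplit(url)
        keys = [k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
        redacted = _rewrite_query(
            url, lambda q: [(k, "REDACTED" if k.lower() == "pwd" else v) for k, v in q]
        )
        findings.append({
            "url": redacted,
            "embedded_passcode": "pwd" in keys,  # assumption: pwd carries the passcode
            "personal_link": parts.path.lower().startswith("/my/"),  # assumption
        })
    return findings

# Constructed sample of page content you publish; none of these are real meetings.
SAMPLE = """
<a href="https://example.zoom.us/j/1234567890?pwd=Q09OU1RSVUNURUQ">Town hall</a>
Join at https://zoom.us/j/9876543210.
Office hours: https://zoom.us/my/constructed.name
Unrelated: https://notzoom.us.example.com/j/1?pwd=x
"""

if __name__ == "__main__":
    for f in audit_zoom_links(SAMPLE):
        flag = "PASSCODE IN LINK" if f["embedded_passcode"] else "ok"
        room = " (personal room)" if f["personal_link"] else ""
        print(f"{flag:17} {f['url']}{room}")
```

Run it over exported page content or a site crawl of your own domains before publishing; any hit marked as carrying a passcode is a link that admits whoever finds it.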
