Zoom, a popular video conferencing service, is pausing its feature updates for 90 days. Just as it experienced explosive user growth as the world adjusts to working from home, researchers discovered numerous security and privacy issues. So the company is vowing to take a break from features to plug the holes.
According to a Zoom blog post, the number of its daily active users is far higher right now than it ever has been before. Whereas last December, the company saw an average of 10 million daily active users, it now sees somewhere closer to 200 million daily active users. That’s a pretty big success for the company, but it came at a cost.
Months ago, the company was under fire for installing secret web servers that allowed websites to start your camera without your consent. While the company fixed that problem, security researchers have since found other security and privacy issues.
The Windows version of Zoom has a particularly nasty bug that allows bad actors to steal your Windows credentials. It also seems that Zoom isn’t end-to-end encrypted, despite marketing suggested otherwise. And for a while, Zoom was sending your data to Facebook, even if you don’t use Facebook.
The company has already addressed some of these issues and is working on others. But in its blog post, it paints of picture of both being overwhelmed by the influx of users. Additionally, the company says it designed the Zoom service primarily for enterprise scenarios, where dedicated IT departments would presumably enforce security measures.
Those aren’t great answers, though, and Zoom seems to know it. So the company will pause working on new features for 90 days to address outstanding security issues. It also increased its bug bounty reward program.
Those are encouraging steps to take, and hopefully, the company comes out better for the process.