Zoom stock dropped as much as 14.5% this morning, after concerns over the security of the company’s video-chat and meeting software led to several major organizations banning or discouraging its use. The reversal follows a huge surge in usage during a worldwide lockdown to combat the coronavirus pandemic.
Most notably, the New York City Department of Education, which oversees the country’s largest public school system, banned the software outright. The department says schools “should move away from using Zoom as soon as possible” and will transition to different platforms, including Microsoft Teams.
The Clark County School District in Nevada has also announced it will “disable access to Zoom out of an abundance of caution,” while the Washington Post reports that several other districts are reassessing their use of the tool. This follows the March 28 move by SpaceX to ban the use of Zoom.
Before this morning’s selloff, a huge influx of new users pushed Zoom’s market cap as high as $42 billion. Credit Suisse this morning advised customers that the run-up had left the company overvalued.
In a statement, Zoom said that it “takes user privacy, security, and trust extremely seriously” and that the company is “working around-the-clock” to improve security. The company has created a security best-practices guide tailored to education applications, and has changed some default settings for education users to correct security weaknesses.
The most dramatic incidents causing concern have been so-called “Zoom bombings,” in which unwelcome attendees access Zoom meetings and troll or harass participants. These incidents appear to be partly a matter of poor security practices by users, including publicly sharing meeting IDs and failing to password-protect meetings. It was also recently discovered that some users are unwittingly saving recorded files to the open web.
Those problems highlight an education gap, as tens of thousands of users adopt online meeting software for the first time. But Zoom’s meeting ID format appears to make these user errors worse. Security researchers last week found that it was possible to “war dial” Zoom meetings, using an automated tool to find unprotected meetings. The format also reportedly makes it easier to find unencrypted meeting recordings.
Recent days have highlighted a number of deeper concerns with the underlying security of Zoom software and the company’s practices. Zoom is facing lawsuits in New York and California for sharing user data with Facebook, a practice Zoom has since halted.
On Friday, it was revealed that some Zoom calls were routed through data centers in China, potentially making them easier to compromise. Recent reports also found that while Zoom claimed it used “end to end encryption” to protect calls, that claim was misleading.