US dance instructor sues Zoom after 'uninvited men' hack class sessions to harass her clients

Simins has a Zoom Pro account and expected the video conferencing service to "be private and secure". A handout photo.
PHOTO: South China Morning Post

A dance instructor in the United States has filed a lawsuit against Zoom claiming that its security flaw allowed "uninvited men" to hack into her online sessions and harass her clients, according to a report by Fox Business.

As a result of the harassment, Texas-based Stacey Simins, who had been conducting burlesque and pole dancing lessons through Zoom since March, stated that she has had to cancel some sessions and lose clients.

Simins has a Zoom Pro account and expected the video conferencing service to "be private and secure".

A Zoom Pro account costs US$14.99 (S$21) a month with extra features like admin feature controls and 24-hour meeting duration limits (on the free Basic plan, there is a 40-minute duration limit for group meetings).

Zoom also allows participants without Zoom accounts who have been invited by the host to join meetings from any device.

"After Ms Simins began using Zoom, uninvited men joined some of her classes on Zoom. The attackers were intimidating and harassing to Ms Simins's clients. On at least one occasion, Ms Simins had to cancel a session as a result... (and) several of Ms Simins's students have refused to join more classes because of their fear over future incidents," the suit stated.

Simins' complaint highlights Zoom's "security failings" that have permitted "bad actors" to hack into thousands of live video conferences, record meetings that were stored in its server and even access web cameras, the article reported.

"Zoom has long marketed the service as being protected with end-to-end, 256-bit encryption. But in reality, Zoom has failed to deliver private and secure video conferencing: The level of encryption Zoom provides is far less robust than what it promised," the suit added.

Simins filed the lawsuit on Monday (April 27) in California federal court seeking class-action status. A Zoom spokesperson pointed Fox Business to Zoom CEO Eric Yuan's April 1 blog post detailing the company's 90-day plan to address its security flaws.

"Zoom offers a number of built-in protections to help hosts protect their meetings and we have recently made a series of updates to help hosts more easily access these features and avoid uninvited guests," the spokesperson said in a statement.

In a recent Progress Report, Zoom said it has introduced a feature to allow users to 'Report a User' though a new Security Icon on the lower toolbar. The company also claimed that it's not possible for a Zoom user to record a meeting without the other users knowing.

"No, Zoom is required by law to inform users when they are being recorded and has clear audio and visual prompts when a recording is started," Zoom said in the Progress Report.