WASHINGTON (CNN) — As video conference app Zoom surges in popularity due to increased usage amid the coronavirus pandemic, federal officials are now warning of a new potential privacy and security concern called “Zoombombing.”
The term refers to a form of cyber harassment reported by some app users, who have reported that some of their calls have been hijacked by unidentified individuals and trolls who spew hateful language or share graphic images.
“Zoombombing” has become so prevalent that this week the FBI issued a news release to warn people of the threat.
The FBI received “multiple reports” of video conference calls being interrupted by “pornographic and/or hate images and threatening language,” the agency said in its release.
A spokesperson for Zoom told CNN in an email on Thursday that the company is aware of the FBI’s recent press release and “appreciates all efforts to raise awareness around how to best prevent these kinds of attacks.”
“We are deeply upset to hear about the incidents involving this type of attack and we strongly condemn such behavior,” the spokesperson said in an email statement.
The company said it began “actively educating users on how they can protect their meetings and help prevent incidents of harassment” on March 20.
“We are listening to our community of users to help us evolve our approach,” the spokesperson said.
Incidents across the US
The FBI Boston Division cited two recent “Zoombombing” incidents at schools in Massachusetts.
In late March, the FBI said in an unidentified person or persons dialed into a high school teacher’s online class and yelled a profanity, as well as the teacher’s home address.
In a separate instance, also in a Massachusetts teacher’s virtual classroom, an individual who joined the conference call was seen on the video camera displaying swastika tattoos, the FBI said.
Similar “Zoombombing” threats have been reported across the country.
In Orange County, Florida, one man entered a virtual class and exposed himself, CNN affiliate WKMG reported.
At the University of Southern California, in Los Angeles, administrators sent an email to the university community last week addressing online class breaches.
“We are sorry to report we learned today that some of our online Zoom classes were disrupted by people who used racist and vile language that interrupted lectures and learning,” USC President Carol Folt and Provost Charles Zukoski wrote in an email, obtained by CNN. “We are taking immediate action to protect our classes from what is called Zoombombing — which, unfortunately, is taking place in organizations around the country.”
These instances of “Zoombombing” come as Zoom faces scrutiny over its privacy protections, which have been flagged by users, security researchers and US authorities.
Eric Yuan, Zoom’s CEO and founder, published a blog post on Wednesday to address people’s recent security concerns.
In it, he cited the company’s plan for the next 90 days to dedicate “the resources needed to better identify, address and fix issues proactively.”
These initiatives, he wrote, include “enacting a feature freeze” and “conducting a comprehensive review with third-party experts and representative users to understand and ensure the security of all of our new consumer use cases,” according to the post.
Yuan also addressed “zoombombing” by referring concerned users to a March 20 blog post that outlines “the protective features that can help prevent this.”
“Keep Zooming responsibly,” the blog post reads, after listing tips to help “keep unwanted guests out.”
Federal officials urged those using video teleconferencing apps to exercise “due diligence and caution” in their cybersecurity efforts to help mitigate these threats.
Both the FBI and Zoom shared some steps to help secure video conference calls and protect people from potential hackers or trolls.
They recommend users: make their meetings private (Zoom has options to require a password, as well as a waiting room function to control who’s allowed in the call); avoid sharing the meeting link on public online forums; and limit screensharing to just the call’s host.