Zoom Video Communications is facing increased scrutiny over customer privacy this month as New York's top prosecutor is probing the suddenly popular teleconferencing company's security practices during the coronavirus work-from-home movement . Zoom also is being sued in California for allegedly giving users' personal data to outside companies including Facebook without fully informing customers that's the case.
Zoom's software reported to Facebook whenever a Zoom user logged on for a conference call, a lawsuit filed Monday stated. After a user logged on, Zoom gave Facebook the person's customer information, including what device a person used to access Zoom, the device's model and the device's unique advertising identifier.
"The unique advertising identifier allows companies to target the user with advertisements," the lawsuit states. "This information is sent to Facebook by Zoom regardless of whether the user has an account with Facebook."
Zoom officials acknowledged its data sharing in blog posts and said they have changed the practice.
CEO Eric Yuan said company officials "were made aware" of Facebook data sharing last week, after a news report from Vice Media detailed the practice. Yuan said the sharing began after Zoom gave users the option of logging on via a Facebook Software Development Kit, or SDK.
"Our customers' privacy is incredibly important to us, and therefore we decided to remove the Facebook SDK in our [Apple-based] client and have reconfigured the feature so that users will still be able to log in with Facebook via their browser," Yuan said in a blog post.
The lawsuit also states Zoom was paid for sharing user data, although court documents don't disclose how much money Zoom allegedly received.
Aparna Bawa, Zoom's chief legal officer, said in a blog post that Zoom "has never sold user data in the past and has no intention of selling users' data going forward."
New York Attorney General Letitia James has asked Zoom to provide specifics about how the company will safeguard users' data. In a letter James' office sent to Zoom, the state's attorney general said her office is "concerned that Zoom's existing security practices might not be sufficient to adapt to the recent and sudden surge in both the volume and sensitivity of data being passed through its network."
"While Zoom has remediated specific reported security vulnerabilities, we would like to understand whether Zoom has undertaken a broader review of its security practices," James' letter said.
A Zoom spokesperson said Tuesday that company officials would provide James with the information requested.
Zoom's security protocols gained even more attention in recent weeks after the FBI reported an increase in so-called Zoom-Bombing incidents, where a hacker joins a video conference to post pornographic or hate images. The agency's Boston office advised users not to make meetings public or share links to the video conference on social media.
While the coronavirus pandemic has spelled doom for many U.S. companies, Zoom is one exception. Workers are using it more to hold meetings as public health officials emphasize social distancing and shelter-at-home and work-from-home practices. School districts and university professors are using Zoom to continue classes during the spring semester.
Wall Street has taken notice of Zoom's rising popularity as well. While the S&P 500-stock index has dropped about 25% since its record high Feb. 19, Zoom stock has soared 46% since then because investors are betting Zoom will become a mainstream corporate and social staple after the coronavirus dissipates.
—The Associated Press contributed to this report.