What is Zoombombing?
Many Zoombombing incidents have amounted to a form of trolling. Hackers gain access to a Zoom meeting and attempt to disrupt the video chat and upset participants by shouting profanity or racial slurs, or putting disturbing or offensive images in their video feed.
How are hackers joining Zoom meetings they aren’t supposed to be in?
The majority of Zoombombing attacks appear not to be the product of flaws in Zoom’s code, but rather of users’ overall cybersecurity hygiene and their imperfect command of Zoom’s privacy settings.
If a Zoom meeting is set to public, it can be accessed by anyone with the correct link. According to Roy Zur, cofounder and CEO of cybersecurity firm Cybint, bad actors can find these addresses simply by searching for “zoom.us” on social media sites like Facebook, where public meeting links are often posted.
How can I prevent Zoombombing of my meetings and video calls?
There are several important, mostly straightforward ways to protect your meetings. Zoom recommends that users read this detailed guide, which covers precautions for keeping their meetings safe.
Most importantly, Zoom users should not share meeting links publicly. This is perhaps the single most obvious precaution you can take. Rather than posting a meeting link to a Facebook group or in a promotional tweet, distribute information via a more private method, such as email.
Second, set your meetings to “private.” Zoom now sets all new meetings to “private” by default, requiring attendees to provide a password for access. But users often opt to make meetings public for the sake of convenience. Given the wave of Zoombombings, the inconvenience of requiring a password is probably worthwhile in keeping your meeting safe.
Also, don’t use your personal meeting ID. Every registered Zoom user has a personal meeting ID, linked to what is essentially a permanent virtual meeting room. Because that ID doesn’t change, sharing it publicly increases the chance that future meetings using your personal ID might be Zoom bombed. To avoid the risk of Zoombombing, share your personal meeting ID only with your most trusted contacts. Generally, while Zoom will prompt you to use your personal ID for “instant” meetings, scheduled meetings will use a one-time meeting ID, reducing risk.
Finally, restrict video sharing. If the meeting host is the only person who needs to share video, such as in a seminar or presentation, the host should change Zoom’s screen-sharing setting to “Host only.”
Is Zoom safe to use?
Yes. However, given the wave of Zoom bombings, you might suspect there's a problem with the Zoom software. Zoom is generally doing a good job on security, and the bulk of Zoom bombings are most likely due to lax user practices rather than bugs. However, the very popularity of Zoom may inherently make it riskier.