Zoom Sued For Security Lapses, Hires Ex-Facebook Security Boss Stamos


Video conferencing app hit with lawsuit for overstating its privacy standards, as it hires former Facebook security executive

Popular video conferencing app Zoom Video Communications has hired Alex Stamos as an advisor as it scrambles to respond to security and privacy concerns.

Stamos was formerly the security boss at Facebook, and prior to that he was the security chief at Yahoo. He also had previous stints at Loudcloud, NCC Group Domain Services, ISEC Partners, and security firm Artemis.

Meanwhile Zoom has also been slapped with a lawsuit from a Zoom shareholder, accusing the video-conferencing app of overstating its privacy standards and failing to disclose that its service was not end-to-end encrypted.


Stamos hire

Alex Stamos's role is that of a Zoom adviser, according to Reuters, and the firm has additionally set up an advisory board to improve its privacy and security.

Last week chief executive Eric Yuan said he recognized “that we have fallen short of the community’s – and our own – privacy and security expectations. For that, I am deeply sorry, and I want to share what we are doing about it.”

Usage of Zoom has spiked during the Coronavirus pandemic, and the company’s shares have risen dramatically over the past few weeks.

For example, the British government held its first-ever video-conferenced Cabinet meeting a couple of weeks ago, and even the Prime Minister Boris Johnson tweeted a photo of himself using the application, in which a meeting ID was visible.

The British government also pushed back amid criticism from some quarters over its use of Zoom. It said Zoom was used as many ministers were self-isolating at home, with no access to official government video conferencing systems.

Zoom criticism

But there has been criticism of the app over the lack of end-to-end encryption of meeting sessions, as well as routing of traffic through China.

There has also been criticism of “zoombombing”, where uninvited guests crashed meetings.

The hiring of Stamos is somewhat ironic considering that he had been tweeting in late March, calling for Zoom to be more transparent and roll out a 30-day security plan.

Following those tweets, Zoom’s Eric Yuan called up Stamos, asking him to help the company build up its security, privacy and safety capabilities as an outside consultant, Reuters reported.


“To be clear, I am not an employee or executive of Zoom and I don’t speak for the company,” wrote Stamos in a blog post. “I have refrained from any public comment on Zoom or discussions with journalists since my call with Eric, but in the interest of transparency I think it’s important to disclose this work.”

“Zoom has some important work to do in core application security, cryptographic design and infrastructure security, and I’m looking forward to working with Zoom’s engineering teams on those projects,” Stamos wrote.

Zoom lawsuit

Meanwhile Zoom has also been hit with a lawsuit from a shareholder, Reuters reported.

The lawsuit, filed in the US District Court for the Northern District of California, accused Zoom of overstating its privacy standards and failing to disclose that its service was not end-to-end encrypted.

Shareholder Michael Drieu claimed in a court filing that a string of recent media reports highlighting the privacy flaws in Zoom’s application has caused the company’s stock, which had rallied for several days in the beginning of the year, to plummet.

Zoom did not respond to a Reuters request for comment.
