article

Church Suing After Hijacked With Porn by Serial ‘Zoombomber’: How to Avoid Being Hacked

Share:

A church is suing Zoom after being 'zoombombed' by disturbing, pornographic images by a serial offender. Here's how to protect yourself from being hacked.


On May 6th, a church in California was holding a Bible study class using Zoom when hackers hijacked the online meeting with disturbing, pornographic images. The church complained to Zoom and decided to sue the online conference platform.

The online class was mostly attended by senior members of the Saint Paulus Lutheran Church, one of San Francisco’s oldest churches. About 40 minutes into the Bible class, the screens were hijacked and a pornographic video was streamed. The church’s administrator, Heddi N. Cundle told USA Today that the attendees of the class “had their computer screens hijacked and their control buttons disabled while being forced to watch pornographic video footage.”

“The footages were sick and sickening—portraying adults engaging in sex acts with each other and performing sex acts on infants and children, in addition to physically abusing them,” according to the federal lawsuit, reported by Yahoo Finance. The complaint also stated that the hacker was a “known serial offender” who had been reported, “multiple times to the authorities.”

The administrator reached out to Zoom right away, “but Zoom did nothing,” according to the complaint. In the lawsuit, the plaintiffs accuse Zoom of “prioritizing profit and revenue over data protection and user security,” according to Mercury News. They’re seeking damages for negligence, invasion of privacy, violations of California state consumer protection and privacy statutes.

“The Church filed this lawsuit only after Zoom refused to take its concerns seriously,” Mark Molumphy, one of the church’s lawyers, told CNN in an email statement. “The Church was basically ignored, and Zoom likely hoped that the Church would just go away. However, it is not going away, and instead, courageously stepping up to try to change Zoom’s practices and make sure this doesn’t happen again to anyone else.”

Zoom spoke out against the behavior. “We were deeply upset to hear about this incident, and our hearts go out to those impacted by this horrific event,” read an emailed statement. “On the same day we learned of this incident, we identified the offender, took action to block their access to the platform and reported them to the relevant authorities.”

This is not the first time hackers rudely interrupted an online meeting. IHeartRadio reported of another disturbing incident in Canada where a Zoom meeting of over 200 people discussing an upcoming Miracle Day Food Drive was interrupted with child pornography pictures.

The usage of Zoom increased more than 20 times since March, according to CNBC. The security lapses seem to have become more frequent as well, this new trend is now called “Zoombombing.”

The company promised to tighten the platform’s security to prevent this from happening again. It also announced their “robust security enhancements,” will be implemented in stages outlined in their 90-day security plan progress report.

“We encourage users to report any incidents of this kind either to Zoom so we can take appropriate action or directly to law enforcement authorities,” Zoom said in a statement. “We also encourage all meeting hosts to take advantage of Zoom’s recently updated security features and follow other best practices, including making sure not to broadly share meeting IDs and passwords online, as appeared to be the case here.”

Besides not making the links or meeting IDs publicly available, here are a few more things you can do to prevent Zoombombing:

  • Make sure to use the latest version of Zoom, so that you’ll be using the most up-to-date security features.
  • Adjust the sharing settings so screen-sharing is only allowed for the host.
  • Create a unique meeting ID, even when it’s a repeated meeting, and make sure to only share it with people or groups you trust.
  • Let your Zoom meeting start with a “Waiting Room” to ensure that the Host can decide who will be allowed into the meeting.
  • If you’re worried about accepting anyone from the “Waiting Room” that’s not welcome in the meeting, ask people for their Zoom username prior to the meeting so you can have a guest list ready.
  • Only click on links that start with https://zoom.us/ followed by a string of numbers and letters, as other links could be a phishing scheme.
  • If you’re giving a presentation that doesn’t require immediate interaction, try hosting a webinar instead of a video meeting.