Industry News

Zoom takes action after meeting IDs leak in careless screenshots

The video-conferencing app Zoom has been updated to remove the display of meeting IDs from its title bar, after a series of high profile privacy blunders by those sharing screenshots of their online meetings.

UK Prime Minister Boris Johnson caused much shaking of heads when he shared a screenshot on Twitter of a Zoom meeting he had with what he described as his “first ever digital Cabinet”, days before he was admitted to a hospital’s intensive care unit with a COVID-19 infection.

Johnson’s tweeted screenshot contained various details that might have been wiser to keep secret, including the meeting’s ID number.

Fortunately the sensitive meeting was protected with a password, but it still seems unwise to share such a piece of information.

The UK Prime Minister is not the only one to have inadvertently shared the meeting ID of their conference, as many millions more computer users have embraced such services for the first time.

For instance, Belgian MP Michael Freilich shared a screenshot of a parliamentary defence committee having a video conference.

It may have seemed harmless enough to him, but close examination of the MP’s shared screenshot revealed not only the meeting ID but also the password.

Freilich later claimed that the image had only been shared after the meeting had finished, and that future video conferences would take place using different credentials, but it still seems sloppy to unnecessarily share such information.

If a Zoom meeting is not properly secured, and its ID falls into the hands of mischief-makers, there is always the risk that it may fall foul of Zoom-bombing attacks where uninvited gatecrashers play pornographic content or act abusively to see what reaction they can generate.

Recent announcements by Zoom suggest that in the last week or so it has seen the light and recognised that it needs to take security and privacy concerns more seriously than it has done historically.

As well as fixing numerous flaws and vulnerabilities brought to light by security researchers in recent days, Zoom has also taken the step of removing the meeting ID from the Zoom app’s title bar on Windows, Mac, and Linux.

It’s just a minor, cosmetic change but an important one – especially as so many organisations and individuals seem keen to demonstrate via social media how they are continuing to do business – albeit virtually via video-conferencing apps rather than physically face-to-face.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.