Zoombombing, Zoom-bombing, Zoom-attacks or Zoom raiding is the unwanted intrusion into a video conference call by an individual, causing disruption. The term became popularized in 2020, after the COVID-19 pandemic forced many people to stay at home and videoconferencing is used on a large scale by businesses, schools, and social groups. The term is associated with and derived from the name of the Zoom videoconferencing software program but it has also been used to refer to the phenomenon on other video conferencing platforms.
The term "Zoombombing" is derived from the teleconferencing application Zoom, though the term has also been used in reference to similar incidents on other teleconferencing platforms, such as WebEx or Skype. The increased use of Zoom during the COVID-19 pandemic as an alternative to face-to-face meetings resulted in widespread exposure to hackers and Internet trolls, who exploit and work around the application's security features. In various forums such as Discord and Reddit, efforts have been coordinated to disrupt Zoom sessions, while certain Twitter accounts advertised passwords sessions that were vulnerable to being joined without authorization. At educational institutions, some students were "actively asking strangers to Zoombomb or 'Zoom raid' their virtual classrooms to spice up their isolated lessons" and facilitating the raids by sharing passwords with the raiders. CNET pointed out that simple Google searches for URLs that include "Zoom.us" could bring up conferences that are not password protected, and that links within public pages can allow anyone to join.
While a Zoom session is in progress, unfamiliar users show up and hijack the session by saying or showing things that are lewd, obscene, racist, or antisemitic in nature. The compromised Zoom session is then typically shut down by the host. Those successful in disrupting sessions have posted video footage of those incidents to sharing platforms such as TikTok and YouTube.
Zoombombing has caused a number of problems for schools and educators, with unwanted participants posting lewd content to interrupt learning sessions. Some schools had to suspend using video conferencing altogether. The University of Southern California called Zoombombing a type of trolling and apologized for "vile" events that interrupted "lectures and learning." Zoombombing has prompted colleges and universities to publish guides and resources to educate and bring awareness to their students and staff about the phenomenon. Zoombombing has left online lectures vulnerable to the intrusion of people looking to inflict harm. These crimes have brought attention not only to the lack of security on videoconferencing platforms, but also the lack in the universities. According to an article from The Guardian, the University of Warwick, in the midst of a rape-chat scandal, received criticisms for its weak cybersecurity.
The problem reached such prominence that the United States Federal Bureau of Investigation (FBI) warned of video-teleconferencing and online classroom hijacking, which it called "Zoom-bombing." The FBI advised users of teleconferencing software to keep meetings private, require passwords or other forms of access control such as "waiting rooms" to limit access only to specific people, and limiting screen-sharing access to the meeting host only. Given the number of incidents of Zoombombing, New York's attorney general initiated an inquiry into Zoom's data privacy and security policies. U.S. Senator Sherrod Brown (D-OH) asked the Federal Trade Commission to investigate into the matter, accusing Zoom of engaging in deceptive practices regarding user privacy and security.
Amid concerns about Zoombombing, various organizations banned the use of Zoom. In April 2020, Google banned the use of Zoom on its corporate computers, directing employees to instead use its video chat app Google Duo. The use of Zoom was also banned by SpaceX, Smart Communications, NASA, and the Australian Defence Force. The Taiwanese and Canadian governments banned Zoom for all government use. The New York City Department of Education prohibited all its teachers from using the platform with students, and the Clark County School District in Nevada disabled access to Zoom to its staff. Singapore's Ministry of Education briefly banned all teachers within the country from using Zoom before lifting the ban three days later, adding extra security features. Some Zoombombers have shared their side of the story, claiming they aren't trying to cause harm. They claim it is a form of protest in response to the extensive amount of work given from teachers. Not all incidents are malicious, as many have shared some new pop culture, such as memes and TikToks, to bring some relief and fun during the pandemic.
Zoom CEO Eric Yuan made a public apology, saying that the teleconferencing company had not anticipated the sudden influx of new consumer users and stating that "this is a mistake and lesson learned." In response to the concerns, Zoom has published a guide on their blog on how to avoid these types of incidents. On April 7, 2020, Zoom implemented user experience and security updates to the application. Such updates include a more visible "Security" icon for users to see and use, suppression of meeting ID numbers, and a change in the default settings to require passwords and waiting rooms for sessions. On April 8, 2020, Zoom announced that it had formed a council of chief information security officers from other companies to share ideas on best practices, and that it had hired Alex Stamos, former chief security officer of Facebook, as an adviser. Zoom released its 5.0 version in April 2020 with security features that include AES 256-bit GCM encryption, passwords by default, and a feature to report suspicious users to its Trust and Safety Team for possible misuse.
In the U.S., Federal authorities warned of possible charges against people engaging with Zoombombing. On April 8, 2020, a teen in Madison, Connecticut, was arrested for computer crime, conspiracy, and disturbing the peace following a Zoombombing incident involving online classes at Daniel Hand High School; police also identified another teen involved in the incident. In San Francisco, a man was arrested after being traced to pornographic videos that were streamed on Zoom.
St. Paulus Lutheran Church in San Francisco filed a class-action lawsuit against Zoom after one of its bible study classes was "Zoombombed" on May 6, 2020. The church alleged that Zoom "did nothing" when it tried to reach out to the company.
- Taylor Lorenz; Davey Alba (April 3, 2020). "'Zoombombing' Becomes a Dangerous Organized Effort". The New York Times. Retrieved April 4, 2020.
“Zoombombing” or “Zoom raiding” by uninvited participants have become frequent
- Marotti, Ally (April 2, 2020). "Zoom video meetings are being interrupted by hackers spewing hate speech and showing porn. It's called 'Zoombombing.' Here's how to prevent it". Chicago Tribune. Retrieved April 11, 2020.
- Holmberg, Shannon (April 20, 2020). "Zoombombing, Location Tracking, and Contact Tracing, Oh My! Data Privacy & Cybersecurity During the COVID-19 Pandemic". JD Supra. Retrieved May 19, 2020.
- Cimpanu, Catalin (April 2, 2020). "The internet is now rife with places where you can organize Zoom-bombing raids". ZDNet. Archived from the original on April 5, 2020. Retrieved April 3, 2020.
- Conklin, Audrey (April 2, 2020). "'Zoombombing' is an inside job? Meeting codes shared on Twitter". Fox Business. Retrieved April 2, 2020.
- Hodge, Rae (April 21, 2020). "Zoombombing: What it is and how you can prevent it in Zoom video chat". CNET. Archived from the original on April 21, 2020.
- Xia, Roxanna; Blume, Howard; Money, Luke (March 25, 2020). "USC, school districts getting 'Zoom-bombed' with racist taunts, porn as they transition to online meetings". Los Angeles Times. Retrieved April 11, 2020.
- "Were You Zoom-Bombed? Video of It May Now Be on YouTube, TikTok for All to See". PC Magazine. Retrieved April 3, 2020.
- Redden, Elizabeth (March 26, 2020). "'Zoombombers' disrupt online classes with racist, pornographic content". Inside Higher Ed. Retrieved May 22, 2020.
- Anderson, Nick (March 25, 2020). "'Zoombombing' disrupts online classes at University of Southern California". The Washington Post. Retrieved May 22, 2020.
- Whittaker, Zack (March 26, 2020). "School quits video calls after naked man 'guessed' the meeting link". TechCrunch. Retrieved March 28, 2020.
- Wolford, Brooke (March 25, 2020). "'Zoombombing' is the new way to troll online. Here's how to protect your video chat". Miami Herald. Retrieved March 30, 2020.
- McKenzie, Lindsay (April 3, 2020). "'Zoombies' Take Over Online Classrooms". Inside Higher Ed. Retrieved May 2, 2020.
- Batty, David (April 22, 2020). "Harassment fears as students post extreme pornography in online lectures". The Guardian. ISSN 0261-3077. Retrieved May 18, 2020.
- Setera, Kristen (March 30, 2020). "FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic". Federal Bureau of Investigation. Archived from the original on April 16, 2020. Retrieved March 31, 2020.
people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking (also called "Zoom-bombing") are emerging
- Andone, Dakin (April 2, 2020). "FBI warns video calls are getting hijacked. It's called 'Zoombombing'". CNN. Retrieved May 22, 2020.
- Hakim, Danny; Singer, Natasha (March 30, 2020). "New York Attorney General Looks Into Zoom's Privacy Practices". The New York Times. Retrieved March 31, 2020.
Over the last few weeks, internet trolls have exploited a Zoom screen-sharing feature to hijack meetings and do things like interrupt educational sessions or post white supremacist messages to a webinar on anti-Semitism — a phenomenon called “Zoombombing.” [...] “We appreciate the New York attorney general’s engagement on these issues
- Bond, Shannon (April 3, 2020). "Senator Asks FTC To Investigate Zoom's 'Deceptive' Security Claims". National Public Radio. Retrieved April 12, 2020.
- Vigliarolo, Brandon (April 9, 2020). "Who has banned Zoom? Google, NASA, and more". TechRepublic. Retrieved April 11, 2020.
- "Taiwan joins Canada in banning Zoom for government video conferencing". Canadian Broadcasting Corporation. April 7, 2020. Retrieved April 11, 2020.
- Strauss, Valerie (April 4, 2020). "School districts, including New York City's, start banning Zoom because of online security issues". The Washington Post. Retrieved April 11, 2020.
- Abu Baker, Jalelah (April 9, 2020). "MOE suspends use of Zoom in home-based learning following breaches involving obscene images". CNA. Retrieved April 10, 2020.
- "Singapore bans teachers using Zoom after hackers post obscene images on screens". The Guardian. April 11, 2020. Retrieved April 11, 2020.
- hermesauto (April 13, 2020). "Singapore schools to resume use of Zoom for home-based learning with additional safeguards in place". The Straits Times. Retrieved April 13, 2020.
- "After Zoom calls hacked with racial slurs and pornography, CEO admits "mistake"". CBS News. April 2, 2020. Retrieved April 12, 2020.
- Billings, Kevin (April 8, 2020). "Zoom Announces New Security Changes In Response To Hacks And 'Zoom-Bombing' Incidents". International Business Times. Retrieved April 12, 2020.
- "How to Keep the Party Crashers from Crashing Your Zoom Event". Zoom Blog. March 20, 2020. Retrieved March 29, 2020.
- Peters, Jay (April 3, 2020). "Zoom adds new security and privacy measures to prevent Zoombombing". The Verge. Retrieved April 12, 2020.
- Singer, Natasha (April 8, 2020). "Zoom Rushes to Improve Privacy for Consumers Flooding Its Service". New York Times. Retrieved May 22, 2020.
- "90-Day Security Plan Progress Report: April 22". Zoom Video Communications. April 22, 2020. Retrieved April 26, 2020.
- "'Zoombombing' targeted with new version of app". BBC News. April 23, 2020. Retrieved April 26, 2020.
- Lyons, Kim (May 25, 2020). "Zoom has temporarily removed Giphy from its chat feature". The Verge. Retrieved May 26, 2020.
- Federal, State, and Local Law Enforcement Warn Against Teleconferencing Hacking During Coronavirus Pandemic at the Wayback Machine (archived 2020-04-16[Date mismatch])"Federal, State, and Local Law Enforcement Warn Against Teleconferencing Hacking During Coronavirus Pandemic" (Press release). United States District Court for the Eastern District of Michigan. April 3, 2020. Retrieved April 11, 2020.
- Murdock, Jason (April 9, 2020). "Connecticut Teen Arrested for Allegedly 'Zoom Bombing' Virtual High School Lessons and Using 'Obscene Language and Gestures'". Newsweek. Retrieved April 11, 2020.
- "SF Man Traced From Zoom Streaming Activity Faces Child Porn Charges". NBC Bay Area. Retrieved May 18, 2020.
- Tyko, Kelly (May 15, 2020). "California church files class action lawsuit against Zoom after bible class 'Zoombombing'". USA Today. Retrieved May 17, 2020.
- Kelley, Alexandra (May 14, 2020). "California church sues Zoom over 'Zoombombing' pornography incident". The Hill. Retrieved May 17, 2020.