Facebook, LinkedIn 'eavesdropped' on Zoom video calls: Lawsuit

Zoom was sued just last week for allegedly neglecting to disclose privacy flaws

A California man has filed a class-action lawsuit against Zoom, Facebook and LinkedIn accusing the latter two social media sites of recording Zoom users’ calls to obtain personal information, court papers show.

Todd Hurvitz claims LinkedIn and Facebook “eavesdropped on” Zoom users and tried to read and decipher their server data to “harvest their personal information,” states the 70-page lawsuit, which was filed Monday in federal court in California and published online by Law360.

Ticker Security Last Change Change %
ZM ZOOM COMMUNICATIONS INC. 82.69 -2.67 -3.13%
FB NO DATA AVAILABLE - - -

The social media companies allegedly used similar, though slightly different pervasive methods to obtain the personal details. In some cases, they continued to do so every time the user signed in or out of the Zoom app, or despite that the user had taken lengths to conceal their information, court papers show.

A Zoom spokesperson told FOX Business the company has publicly addressed the issues with both social media features. Zoom has since discontinued the "Login with Facebook," a move that was announced in a company blogpost, and discontinued the LinkedIn Sales Navigator feature, per an April 1 announcement.

A rep for Facebook said in a statement that Zoom's use of Facebook's software development kit, or SDK, "did not enable Facebook to 'eavesdrop' on Zoom calls."

"The SDK is not designed to and did not share such content," the spokesperson said. "The lawsuit has no merit, and we will defend ourselves vigorously."

The lawsuit alleges that through Zoom’s iOS Login Feature – which would appear to a user as an option for “Login with Facebook” – Facebook could allegedly collect Zoom users’ information, even if the person did not use the login feature and did not even have a Facebook account, the lawsuit states.

ZOOM UNDER FIRE FOR SECURITY VULNERABILITIES, TIES TO CHINA

“Facebook collected the personal information by willfully and intentionally using a recording device to record and eavesdrop on, and by otherwise reading, attempting to read and learning the contents and meaning of, communications between the participants’ computers and Defendant Zoom’s server,” according to the suit.

Facebook allegedly created user profiles “for use in its targeted advertising business.” Meanwhile, Zoom allegedly profited by using the more thorough user profiles to target potential customers and, in turn, turn them into actual paying customers.

FLORIDA JUDGE REQUESTS LAWYERS DRESS APPROPRIATELY ON ZOOM

Eric Yuan, CEO of Zoom Video Communications on April 18, 2019. (REUTERS/Carlo Allegri)

Per the lawsuit, examples of personal information gathered by Facebook include:

  • iOS Advertiser ID, which is “is specifically assigned to the user and could be tracked over time, across platforms and linked to the user.”
  • "iOS Timezone; 
  • "IP Address;
  • "iOS Language;
  • "iOS Disk Space Available;
  • "iOS Disk Space Remaining;
  • "iOS Device Model;
  • "iOS Version;
  • "Device Carrier;
  • "iOS Device CPU Cores;
  • "Application Bundle Identifier;
  • "Application Instance ID;
  • "and Application Version

“[B]y obtaining a Zoom user’s iOS Advertiser ID, along with the other information described above, Defendant Facebook was able to identify the specific user and amass the data collected from Defendant Zoom with other data previously collected by Facebook, giving Facebook multiple ways to identify the user even if he took steps to keep his identity anonymous,” the suit states.

ZOOM SUED FOR OVERSTATING, NOT DISCLOSING PRIVACY, SECURITY FLAWS

An iPhone displays the Facebook app. (AP Photo/Jenny Kane, File)

Someone using LinkedIn’s Navigator app while hosting a Zoom video “was able to view LinkedIn details of meeting participants, even when those participants sought to keep their personal details anonymous.”

Much like Facebook, LinkedIn allegedly used “a recording device to record and eavesdrop on” video calls” without video conference participants’ knowledge, according to the suit.

HACKERS' NEW TARGET DURING CORONAVIRUS PANDEMIC: VIDEO CONFERENCE CALLS

“LinkedIn was able to collect Zoom users’ personal information even if the meeting host was not using Navigator, thereby allowing LinkedIn to learn the contents of all sign-in communications of all Zoom users.”

MK Juric, a spokesperson for LinkedIn, called the claims against the company “baseless.”

“We give our members choices over what information they share and honor their settings,” Juric said. “Additionally, the integration between Zoom and LinkedIn Sales Navigator was suspended and is no longer available.”

LinkedIn's Mountain View, Calif., headquarters on May 7, 2013. (AP Photo/Noah Berger, File)

The court papers allege Zoom admitted to the unnecessary data collection through both social media companies, but the lawsuit further accuses the company of withholding information despite knowledge of flaws so as not to hurt company profit.

The company was slapped with a class-action suit just last week for allegedly neglecting to disclose privacy flaws.

CLICK HERE TO GET FOX BUSINESS ON THE GO

"Zoom has misrepresented the nature of the security used to protect Zoom users’ video communications," the suit states. "It has also concealed, suppressed and omitted from disclosure various flaws in its products until they are publicly disclosed by third parties, knowing that the disclosures could harm its business."

Hurvitz is seeking class-action status and to obtain, among other things, compensation "for their unlawful, unfair and deceptive conduct" and that the defendants be ordered "to disgorge their ill-gotten gains."

CLICK HERE TO READ MORE ON FOX BUSINESS

This story was updated to include details provided by a Zoom spokesperson.