Zoom's cloud feature allows users to save recorded videos on the platform so they can be viewed, shared and downloaded later. The tool is especially useful for businesses that want to keep track of a conversation.
Guimond found a way to not only access but download recorded Zoom meetings on the app's cloud through an unsecured link and "brute force," or the act of trying as many password combinations as possible until one works, CBS-owned tech news website CNET reported Thursday.
Additionally, Guimond discovered that these recorded videos can live on the cloud for hours after being deleted, according to CNET.
"Zoom has not considered security at all when developing their software," Guimond told the outlet. "Their offerings have some of the highest amount of low-hanging-fruit vulnerabilities in the industry for a mainstream product."
A Zoom spokesperson told FOX Business in a statement that based on its own findings, the unique URL that leads users to a cloud recording view page "immediately stops working after deletion, so it cannot be accessed."
The company added, however, that "if someone has recently watched the recording around the time it is deleted, they can continue to watch for a period of time before the viewing session expires. We continue to investigate the matter."
The company also responded to the findings by rolling out updates on Saturday and on Tuesday after being notified about the vulnerabilities, including a tool to prevent bad actors from using brute force to access recorded cloud videos and implemented password requirements to its default cloud settings, CNET reported.
"Upon learning of this issue, we took immediate action to prevent brute-force attempts on password-protected recording pages," the Zoom spokesperson said. "To further strengthen security, we have also implemented complex password rules for all future cloud recordings, and the password protection setting is now turned on by default," a Zoom spokesman told CNET.
As a result of the novel coronavirus pandemic, Zoom's userbase expanded from 10 million active daily users to 200 million in just three months, but with that demand came questions of privacy and cybersecurity that highlighted the app's unpreparedness for such unprecedented growth.
The discoveries come as the video conference app faces a multitude of concerns from users and lawmakers alike, including reports of hacking, Zoombombing, information-sharing and ties to China that came to light in late in March and early April.
This article contains material from a previous FOX Business post.