Popular videoconferencing service Zoom will shortly allow paying subscribers to opt out of Chinese servers when routing calls …
Paid users can opt out of Chinese servers
One of the security concerns raised about the service is that encryption keys for meetings can be generated on a Chinese server regardless of whether anyone on the call is located there. It is widely believed that the Chinese government has access to encryption keys used in Chinese data centers, and as Zoom doesn’t support end-to-end encryption, that potentially allows eavesdropping on calls.
In a blog post, Zoom says that as of April 18, all paying subscribers will be able to opt out of Chinese data servers. Well, technically the company says you can opt into or out of any of its regional data centers, as it doesn’t want to upset China by naming it, but it’s obvious what has driven this move.
Zoom leverages a robust global network to support our users no matter where they are located, natively routing traffic through the meeting zone that will provide you the best performance.
Now, paid Zoom customers will be able to customize which data center regions their account can use for its real-time meeting traffic […]
Beginning April 18, every paid Zoom customer can opt in or out of a specific data center region. This will determine the meeting servers and Zoom connectors that can be used to connect to Zoom meetings or webinars you are hosting and ensure the best-quality service.
Although free users won’t get this option, the company says that most have nothing to worry about.
Free users will be locked to data centers within their default region where their account is provisioned. For the majority of our free users, this is the United States. Data of free users outside of China will never be routed through China.
500,000 Zoom logins sold
Around half a million Zoom logins are being sold on the dark web, reports BleepingComputer (via MacRumors). Data available includes email address, password, personal meeting URL, and HostKey.
It’s important to note that this isn’t from a data breach at Zoom: the credentials were apparently obtained from hacks elsewhere, and then tried on Zoom. The result was around 500k successful logins from people who use the same password on multiple websites and services.
Some of these Zoom accounts are offered for free on hacker forums so that hackers can use them in zoom-bombing pranks and malicious activities. Others are sold for less than a penny each.
If you’ve reused a password in this way, you’ll want to change your Zoom password – and then ensure you use unique passwords for every website, service and app you use.