Zoom will enable meeting passwords and virtual waiting rooms by default to help stop 'Zoombombing' incidents

By Paayal Zaveri

Zoom is taking steps to make its app more secure, after facing backlash from users about the privacy and security settings of its product. 

Starting April 5, Zoom will require passwords if a user tries to enter a meeting using just the meeting ID instead of the meeting invite link. It will also make virtual waiting rooms on by default, so the meeting host had to manually allow others to join the meeting. These two changes will apply to free users and people who have personally upgraded their account to the first level of a paid plan

"We're always striving to deliver our users a secure virtual meeting environment. Effective April 5, we are enabling passwords and ​virtual waiting rooms by default ​for our Free Basic and Single Pro users. We strongly encourage all users to implement passwords for all of their meetings," Zoom said in a statement.

This comes after so-called "Zoombombing" incidents, where hackers or trolls will enter random Zoom calls to share indecent messages or other spam, became a frequent occurrence. Zoombombing affected online classes, corporate gatherings, and even virtual Alcoholics Anonymous meetings.

In an email sent to users on Friday the company said: "we've chosen to enable passwords on your meetings and turn on Waiting Rooms by default as additional security enhancements to protect your privacy." It also said previously scheduled meetings will have passwords enabled as well.

The company also explained how to find meeting passwords. "For meetings scheduled moving forward, the meeting password can be found in the invitation. For instant meetings, the password will be displayed in the Zoom client. The password can also be found in the meeting join URL," the email to users said. 

Zoombombing is a big issue

The new security enhancements come after Zoom CEO Eric Yuan apologized for the many privacy and security issues users found with the app and said the company will take steps to address it. One of those steps is stopping the implementation of any new features so the company can focus on solving existing privacy and security concerns.

The rise of Zoombombing prompted the FBI to warn users about the problem earlier this week, and the New York Attorney General to send a letter to Zoom asking what new security measures the company has put in place, if any, to protect user privacy amid its huge surge in usage.

The problem stems from the fact that anyone can join any open Zoom call if they find the meeting ID. Hackers have come up with tools to create giant lists of random meeting IDs, giving them a wide set of calls to crash in on, without knowing what they're walking into. 

The only ways to prevent it are to put a password on the meeting, or to use a virtual waiting room so the host can vet those who are joining

Yuan has said that its privacy struggles are rooted in the fact that it was originally intended for businesses, not consumers. But with shelter-in-place and social distancing mandates across the globe to help stop the spread of coronavirus, Zoom's user base has grown exponentially — 200 million daily free and paying users in March, up from 10 million at the end of December.

Got a tip? Contact this reporter via email at pzaveri@businessinsider.com or Signal at 925-364-4258. (PR pitches by email only, please.) You can also contact Business Insider securely via SecureDrop.