A San Francisco church is suing Zoom after one of its bible study classes was allegedly infiltrated by a hacker who bombarded the video call with porn.
The Saint Paulus Lutheran Church, one of the oldest churches in the city, held a bible study class on May 6, in which most of the attendees were senior citizens.
But 42 minutes into the class, their computer screens were “hijacked” and “control buttons disabled” while pornographic video was streamed, according to a federal lawsuit filed on Wednesday on behalf of the church and its church administrator.
“The footages were sick and sickening — portraying adults engaging in sexual acts with each other and performing sexual acts on infants and children, in addition to physically abusing them,” the lawsuit said, adding that Zoom admitted the hacker was a “known serial offender” who had been reported “multiple times to the authorities.”
In the suit, the plaintiffs accuse Zoom of “prioritizing profit and revenue over data protection and user security” and are seeking damages for negligence, invasion of privacy and violations of California state consumer protection and privacy statutes among other things.
“The Church filed this lawsuit only after Zoom refused to take its concerns seriously,” Mark Molumphy, one of the church’s lawyers, told CNN in an email statement.
“One would think that Zoom — having been informed of the Church’s horrific experience — would’ve done everything possible to acknowledge and fix the security vulnerabilities of its platform,” Molumphy, a partner at Cotchett, Pitre & McCarthy One, said. “Instead, the Church was basically ignored, and Zoom likely hoped that the Church would just go away. However, it is not going away, and instead, courageously stepping up to try to change Zoom’s practices and make sure this doesn’t happen again to anyone else.”
Zoom disputed the church’s claims that it did not immediately take action following the incident.
“We were deeply upset to hear about this incident, and our hearts go out to those impacted by this horrific event. Words cannot express how strongly we condemn such behavior,” a spokesperson for Zoom said in an email statement to CNN.
“On the same day we learned of this incident, we identified the offender, took action to block their access to the platform and reported them to the relevant authorities. We encourage users to report any incidents of this kind either to Zoom so we can take appropriate action or directly to law enforcement authorities. We also encourage all meeting hosts to take advantage of Zoom’s recently updated security features and follow other best practices, including making sure not to broadly share meeting IDs and passwords online, as appeared to be the case here,” the spokesperson added.
The spokesperson pointed to a series of blog posts by the company that highlighted the security enhancements Zoom has made in recent months, such as making meeting passwords a default and updating its encryption standard.
With the coronavirus pandemic forcing people to stay at home, many have taken to Zoom to virtually attend school classes, work meetings or just connect with friends.
But as the video conference app surged in popularity, the FBI has said that it received multiple reports of “Zoombombing,” in which calls were hijacked by individuals who share “pornographic and/or hate images and threatening language.”
Zoom’s CEO Eric Yuan apologized for the company’s shortcomings last month.
“We recognize that we have fallen short of the community’s — and our own — privacy and security expectations. For that, I am deeply sorry,” he wrote in a blog post from April 1.
The company released an updated Zoom 5.0 on April 27, which allows meeting hosts to report misbehaving users for review, lock meetings after all participants have arrived, and remove any unwanted participants.