A San Francisco church is suing Zoom, after a hacker streamed child porn during a Bible-study class being held for elderly members by the church. The church is seeking unspecified damages for negligence and privacy violations.
The video conferencing app widely used by millions during the global coronavirus lockdown has been wading in thick water due to its security loopholes making it prone to hackers.
Congregants were left shocked after the incident
The incident took place on May 6 during a Bible-study class organized by the historical Saint Paulus Lutheran Church. The hacker, a known offender who has been reported to the authorities multiple times, Zoombombed the video streaming, viewed by the church's administrator and elderly congregants, mostly pensioners, with child pornography.
New York Post reported that in a suit filed in San Jose federal court the Church said that the incident left the viewers traumatized and helpless. Asserting that the session held on May 6 was password-protected, the lawsuit stated that the intruder named "Christine (iPad)" still managed to break into the meeting. "Immediately following the break-in, pornographic video footages began to run on all participants' computers in a full-screen mode and with loud audio. Some footages involved physical abuse of children, in addition to sexual acts," it added.
"Class attendees, most of them senior citizens, "had their computer screens hijacked and their control buttons disabled while being forced to watch pornographic video footages," the suit says.
"The footages were sick and sickening - portraying adults engaging in sex acts with each other and performing sex acts on infants and children, in addition to physically abusing them," the suit alleges. However, the ordeal did not end there. When the attendees tried to end the video session and start again, the hacker attacked again and X-rated content.
Zoom apologizes for the incident, promises new security features
The church alleged in its lawsuit that when the church's administration approached Zoom for help, the company did nothing. "Zoom prioritizes profit and revenue over data protection and user security while millions of users in the United States registered with Zoom based on its false advertisements and rely on Zoom's platform to conduct their business during this pandemic," the lawsuit adds.
In a statement issued to the publication, Zoom stated that they took acted swiftly when notified by the church authorities. "Our hearts go out to those impacted. On the same day we learned of this incident, we identified the offender, took action to block their access to the platform and reported them to relevant authorities," a Zoom spokesperson said in a statement.
"We also encourage all meeting hosts to take advantage of Zoom's recently updated security features and follow other best practices, including making sure not to broadly share meeting IDs and passwords online, as appeared to be the case here," the statement added.
In a blog post this week, Zoom promised to update its security features including plans to build end-to-end encryption. On April 27, the company released Zoom 5.0, which allows meeting hosts to report misbehaving users for review, lock meetings after all participants have arrived, and remove any unwanted participants.