A virtual dance session hosted by local charity Hackney Carers on Zoom yesterday was hacked and bombarded with racist and sexist imagery.
Fifty-five participants – all older carers from across the borough – were getting ready for their second online dance workout when around 100 new users signed in with fake emails.
The hackers then shared their screens, which were full of naked women and racist images such as swastikas.
The session was part of the Carers Collective, an arts-focused branch of Hackney Carers which supports older members of “all genders, sizes, ethnicities, races and sexual orientations”.
Project manager Anne-Marie Payne told the Citizen: “We’d had a soft launch last week with a smaller number of participants, which had gone well.
“Just prior to Wednesday’s session starting we had 55 genuine participants, previously known to our service.
“However, as soon as the session started we had another 100 or so sign-ups with fake emails, which, as our settings were set to automatically approve registrations – I know! – were all admitted into the session.
“They then proceeded to share their screens full of racist and sexist imagery, so I had to pull the session.
“I know now that this is called ‘Zoombombing’ and happened because we publicised details of the meeting on our social channels.”
Zoom, a video-conferencing app, has surged in popularity amid the coronavirus outbreak, but has made national headlines for its lax security.
The company’s chief executive announced today in a blog post that it is halting development on new features to focus on addressing safety and privacy concerns.
An earlier post on 20 March includes guidance for users on how to prevent uninvited guests from joining meetings.
Payne sent out an email to the carers’ group following the session in which she “apologised hugely that the room was not a safe space”.
She listed a number of steps the charity has taken to protect future sessions, including adding a meeting password, setting screen-sharing to ‘host only’, and not sharing the meeting ID on public platforms, among other measures.
Payne added: “We are also looking into Zoom alternatives, and are currently trialling something called Jitsi Meet which we’re considering using instead.”
The charity is also urging people to sign a petition demanding that Zoom finds an immediate solution to protect its users from cyber attacks.
A spokesperson for Zoom told the Citizen: “We are deeply upset to hear about the incidents involving this type of attack and we strongly condemn such behavior.
“We have been actively educating our users on how they can protect their meetings and help prevent incidents of harassment.
“Starting on 20 March, we’ve published a series of blogs to clarify the protective features – like waiting rooms, passwords, muting controls and limiting screen sharing – that can be put in place.
“We have also been offering trainings and tutorials, as well as free interactive daily webinars, and we’ve been proactively sending these resources to our users so that they can better understand their own account features and how to best use the platform.
“We’re also listening to our community of users to help us evolve our approach – for example, we recently changed the default settings for education users to enable waiting rooms by default and ensure teachers by default are the only ones who can share content in class.
“Finally, we encourage users to report any incidents of this kind directly to support.zoom.us/hc/en-us/requests/new so we can take appropriate action.”
Payne hopes Hackney Carers’ experience will serve as a warning to others, and had some advice for those thinking of using the app: “Never assume that because you are only a tiny little independent charity running a small event (or other small group) that nobody will be interested in disrupting it!
“Take safety precautions in advance, such as only allowing the host to share their screen (and the other measures we’ve implemented since the attack); never share the meeting ID itself on your social channels, and consider Zoom alternatives, because they’re out there.”
The Carers Collective is funded by Connect Hackney, which supports a range of isolation-reducing projects for over-50s in the borough.
Update: this article was amended at 7.20pm on Thursday 2 April 2020 to include a statement from a Zoom spokesperson