A website called Zoom Leaks advertises itself as a public forum used to share session codes, on the popular live conference software zoom.us. We found that site members post meeting IDs for unsecured Zoom meetings.
The forum currently has codes for AA meetings, school classes, and even religious meetups.
The forum also claims that they have access to Zoom servers and have thousands of Zoom codes that will be released on their Discord channel: gg/3deQgE. It is also notable that most users are sharing the codes via Discord and not directly on the forum.
While there’s not much clarity on how these details were leaked, we suspect that the recently disclosed vulnerabilities such as: one bug that allowed uninvited guests to join meetings , and another UNC path injection bug that let attackers steal Windows login credentials, could have been exploited.
In response, Zoom has released patches for these vulnerabilities and has promised weekly webinars to provide privacy and security guidelines.