Published: March 31, 2020

What is Zoombombing and How Does it Happen?

Zoombombing is when an unauthorized person gains access to a Zoom meeting and disrupts it. Reports in the media show that these "zoombombers" will often spread hateful messages, disrupt meetings entirely, or harass participants.

Zoombombing occurs when someone guesses their way into, or otherwise joins, a meeting that was not intended for them. This can happen when Personal Meeting IDs are posted on public websites, or when Personal Meeting IDs are guessed via a "brute force" method, where the attacker simply guesses as many sequences of numbers as possible (often using software) until a sequence connects them to a meeting.

How Can I Prevent Zoombombing for my Meeting?

Protecting yourself from Zoombombing must be done proactively, not reactively. However, if someone does disrupt your meeting, there are some steps you can take as well! Set up your meeting with the following options in mind, each of which adds a layer of protection. Use whichever options make sense for your meeting, and adjust accordingly. Don't lock it down so tightly that it's difficult for you and your participants to work together.

  • Do not use a Personal Meeting ID for your meeting. These IDs never change unless you manually change them yourself. Although this makes it very simple for your group to join the meeting, especially for recurring meetings, it makes the Meeting ID very easy to guess and very susceptible to the "brute force" method noted above.
  • Use the Generate Automatically method for creating the Meeting ID for your meeting. These IDs are randomly generated at the time the meeting is scheduled, making them more difficult to guess and giving attackers less time to chip away at them.
  • Do not post Zoom URLs in public spaces, such as webpages, social media platforms, or in email signatures. Many attackers scrape these URLs using search engines or other software tools that can quickly and easily collect and store them for abuse.
  • Share Zoom URLs only with meeting attendees. This ensures that you know who to expect in your meeting and you can control how that information is distributed.
  • Require a Meeting Password if you want to be really careful. This requires you to also distribute a password alongside the join link, making it even more challenging for someone to simply guess your Meeting ID and join. This is a bit of a pain, but it is more secure.
  • Use the Waiting Room feature to control who enters your meeting. Although this does prevent people from joining your meeting before the host, it does at least create some layer of intervention where you can allow only those you authorize into a meeting. This option is not always practical, however, especially if someone who is not attending the meeting is the one scheduling it.
  • Lock your meeting after everyone has joined. By locking your meeting, you can prevent anyone else from joining the meeting, thus preventing any unexpected visitors. Once your meeting is live, navigate to Participants, then select More at the bottom of the participants list and click Lock.
  • Set Screen Sharing to Host Only in Account Settings. Limiting screen sharing to only the host of the meeting mitigates the impact of a "zoombomber" should they find a way to join your meeting.
  • Disable the File Transfer setting in Account Settings. This is another method of mitigating impact if a "zoombomber" does join the meeting. It prevents them from transferring malicious files such as malware, viruses, or inappropriate material.
  • Remove any unauthorized participants from your meeting. If someone does successfully join your meeting and they are being disruptive, you may remove them, which also prevents them from rejoining. While your meeting is live, open up the Participants panel, mouse over the disruptive person, select More, then Remove.
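
One way to act on the advice not to post Zoom URLs in public spaces is to check text before it is published. The script below is an added example, not part of the original article or of any Zoom tooling; the link shapes it looks for (`/j/<meeting ID>`, `/my/<personal link>`, a `pwd` query parameter) and the sample page are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed link shapes: https://[subdomain.]zoom.us/j/<meeting ID>[?pwd=...]
# and https://[subdomain.]zoom.us/my/<personal link name>.
ZOOM_LINK = re.compile(r"https?://(?:[\w-]+\.)*zoom\.us/(?:j|my)/[^\s\"'<>)]+", re.I)

# Constructed sample of a web page draft; every value here is made up.
SAMPLE_PAGE = """\
Weekly seminar, Thursdays 3pm
Join: https://example-university.zoom.us/j/12345678901?pwd=Q29uc3RydWN0ZWQ.
Office hours: https://zoom.us/my/prof.example
Slides: https://example.edu/slides.pdf
"""

def find_zoom_links(text):
    """Return one finding per Zoom join link in text that is about to be published."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in ZOOM_LINK.finditer(line):
            url = match.group(0).rstrip(".,;")  # drop sentence punctuation
            parts = urlsplit(url)
            kind, _, target = parts.path.strip("/").partition("/")
            issues = ["join link exposed in public content"]
            if kind.lower() == "my":
                # A personal link is an alias for a Personal Meeting ID.
                issues.append("personal link: the meeting it points at never changes")
            if "pwd" in parse_qs(parts.query):
                # The password travels with the link instead of separately.
                issues.append("password embedded in link: no separate layer left")
            findings.append({"line": lineno, "target": target, "issues": issues})
    return findings

if __name__ == "__main__":
    for f in find_zoom_links(SAMPLE_PAGE):
        print(f"line {f['line']}: {f['target']}")
        for issue in f["issues"]:
            print(f"    - {issue}")
```

Run it over a page draft, email signature, or social media post before publishing; any finding means the link should be shared directly with attendees instead.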