Login details for online fitness class held by Plymouth sports club shared on internet forums, say Devon and Cornwall Police
Around 60 young people were subject to footage of child sex abuse after an online fitness class held via Zoom was hacked, police have said.
The session was being staged on the conferencing platform by a Plymouth sports club on Tuesday morning when an unauthorised person managed to gain access.
Footage of the abuse was then streamed to those present in the video group call, in what is the latest incident of ‘zoombombing’.
Devon and Cornwall Police believe the culprit was able to hack the Zoom session after the group’s login details were shared on open internet forums.
Officers are now working with the city council’s social care team to identify those who have been affected by the incident.
Detective inspector Lesley Bulley, of the Plymouth Public Protection Unit, said: “We are progressing enquiries to identify the suspect in this distressing offence for all concerned.
“We are working closely with Plymouth Safeguarding Children’s Partnership and I request that, if you have been affected by this, then you come forward and let us know who you are so we can provide the necessary advice and support.”
Zoom, a US-based video-conferencing firm, has been subject to widespread hacks as millions have turned to the platform for work and leisure while under lockdown during the coronavirus pandemic.
Reports have emerged of trolls disrupting conferences with offensive content, including racist and homophobic imagery.
Devon and Cornwall Police has issued advice over online video conferencing, urging users to only download apps from trusted sources, such as the Apple App Store and Google Play, and make sure account passwords are unique and complex.
Cyber protect officer Grahame Mace said: “Keeping in touch with our friends and family is vital during this period of lockdown. But please ensure when setting up video conferencing sessions that you follow the guidelines on keeping your sessions private.
“First and foremost understand what security settings you have implemented and are available for your software, don’t leave yourself or others vulnerable, lock it down and keep the criminals out.”
Last week, an online wine testing event streamed via Zoom was hacked and similarly exposed to footage of child pornography.
Manchester-based wine merchant Grain To Grape had been hosting the conference call on Saturday night, with roughly 70 people logged-in, when the hack occurred 25 minutes into the session.
Owner Tom Sneesby described the hack as “cowardly and villainous”.
“It’s the most repugnant, the most foul and haunting stuff you can see,” he told the Manchester Evening News. “That’s why it was chosen. It’s the worst thing you can put in front of normal people.”
Zoom said on Wednesday that it is implementing new security measures as it battles to prevent hackers from ‘zoombombing’ video calls.
An update aimed at free users of the platform will be implemented on 9 May, while a new level of encryption will also be introduced from 30 May, which Zoom says will “provide increased protection for meeting data and resistance against tampering”.
The company has been attempting to toughen up its security ever since it vowed to fix its “biggest trust, safety and privacy” issues in April.