Reminder: Prevent your meetings from being Zoom bombed

December 22, 2020

The IT Collaboration Services team has received increased notifications of potentially vulnerable Zoom meeting and event links. Additionally, a recent review of the Yale public event calendar shows many events that have password-embedded links. The team would like to remind anyone responsible for hosting or posting event and meeting announcements, especially to public websites (e.g. Yale’s event calendars, department websites, twitter, etc.), to review these items. Meetings without passwords or those which include passwords in the link are vulnerable to Zoom bombing.

Take steps to prevent your meetings from being hijacked by malicious parties. If you provide a link on your description page, and it does not require authentication, your meeting or training is vulnerable to being Zoom bombed.

Yale Zoom best practices recommends either:

  • providing a password via separate channel/email, and/or
  • using event registration

By providing a password (via a separate channel or email only to attendees), you will protect your event from becoming hijacked by external, non-Yale, malicious entities.

By using event registration, the host will then need to authorize only those individuals who they want to join your meeting.

If you experience Zoom bombing and want to report it, you will be referred to the Yale Police Department to open a case.