 
Updated on May 19, 2022
Published on April 25, 2022
As online activity increases, so do cybercriminal attacks — with the Internet Crime Report for 2021 noting a 7% increase in complaints when compared to 2020, resulting in potential losses of over $6.9 billion.
At Zoom, we take our users’ safety and security very seriously. To help protect our users against today’s complex threats and safeguard their unified communications experience, we have built the following features, among others, to help secure users’ Zoom account information.
This feature helps identify users whose login credentials may have been stolen or compromised in a data breach elsewhere on the internet. It’s designed to prevent cybercriminals from using those compromised credentials to access that customer’s Zoom account. Whenever we determine that a Zoom user’s login and password may have been compromised on another service, we will send them a notification and prompt them to reset their password within one day. If the password is not reset in 24 hours, we will force a logout for the user in an effort to proactively prevent account takeovers.
Account owners, admins, and any other contact set up to receive Trust & Safety communications from Zoom will also receive email notifications about any user accounts with compromised login credentials.
To help authenticate users in schools and business environments, we offer a single sign-on (SSO) feature that creates a safe and quick process for logging in to the Zoom client. If you cannot use single sign-on, we recommend using two-factor authentication (2FA) to add an extra layer of security to the process.
Users can also log in via an OAuth process, which allows you to approve one application — Google or Facebook — to interact with Zoom on your behalf so you don’t have to manually enter a password. For any users manually logging in without using any of these protocols, we recommend you deploy a strong and complex password that meets our requirements, and use unique, hard-to-guess passwords for all your accounts across the web. Having a unique password for each account helps eliminate the risk of multiple accounts being compromised with one data breach.
If we detect a suspicious login — when a user logs in from a different location or device than usual — this feature asks users to enter a one-time password (OTP) that is sent to their email address. This applies to those who use a work email to log in and do not have two-factor authentication enabled.
We strategically select and work with third-party providers who help us protect against brute force attacks — where cybercriminals continuously try to guess a user’s password, often automating the process with bots. We’ve deployed solutions across different parts of our website to detect bot attacks and automated traffic to help stop these threats.
We offer an automatic update feature, which is designed to help users receive important security fixes and other features, improving their overall experience with the Zoom platform. Available in the Zoom desktop client, this feature helps users automatically receive updates to Zoom software.
You should also make sure you’re running the latest version of all of the software on your devices, including your favorite browser. Running the most up-to-date version of the Zoom client and other software helps protect against cybercriminals hoping to exploit recently patched vulnerabilities.
These features are just a few aspects of Zoom’s larger security strategy designed to help protect and support customers as they face advanced threats.
Our unified communications solutions are built with security in mind, and our users’ safety, security, and privacy help guide new updates we make to the platform. We’re committed to building a platform users can trust — with their online interactions, information, and business.
To learn more about Zoom privacy and security, explore our Trust Center.