A California church is suing video chat company Zoom after a hacker allegedly hijacked a virtual Bible study class to post graphic images of child abuse.
A hacker took over users’ computers and played “sick and disturbing videos”, according to the lawsuit filed by Saint Paulus Lutheran Church.
The San Francisco church’s leaders contacted Zoom for help, but the company “did nothing”, the suit says.
In a statement, a Zoom spokesperson condemned the “horrific event”.
“Our hearts go out to those impacted,” the company said, “On the same day we learned of this incident, we identified the offender, took action to block their access to the platform and reported them to the relevant authorities.”
The company pointed to its “recently updated security features”, adding that Zoom users should not widely share meeting access and passwords “as appeared to be the case” with the church group.
The popularity of the Zoom video chat app has soared in recent months for work and leisure as virus lockdown measures have kept millions at home.
The inflated use has come with heightened scrutiny over its security and privacy measures, with reports of so-called “Zoombombing” – where uninvited guests hack into meetings, sometimes posting racist, abusive or explicit content.
Saint Paulus Church – one of the oldest churches in San Francisco – said in the suit, filed to a federal court in San Jose on Wednesday, that its 6 May bible study class was hacked by a “known offender – one who has been reported to the authorities multiple times”.
The eight Bible study students, mostly pensioners, had their computers’ control systems disabled while the hacker played pornographic videos.
“The footages were sick and sickening – portraying adults engaging in sex acts with each other and performing sex acts on infants and children, in addition to physically abusing them,” the suit alleges.
When the students tried to end the video session and start again, the hacker attacked again, the suit says.
The church has filed a proposed class action lawsuit against the San Jose-based Zoom. It is seeking unspecified damages for claims of negligence, breach of implied contract, unjust enrichment and unfair business practices.
The teleconferencing giant post an updated to its security measures this week in a blog post, which promised more security features to come, including plans to build end-to-end encryption. It has been criticised previously for wrongly claiming the app already had the feature – meaning that only the participating users can access the messages and video.