Skip to main content
Emerging ThreatsHacking

Zoom Meetings Exposed by Rogue Web Service

Zoom Meetings Exposed by Rogue Web Service

If a meeting invite is accessible on the public internet, does the meeting itself remain private? That question moved from theoretical to practical when a company called WebinarTV began searching for public Zoom invites, joining those sessions, secretly recording them and then publishing the tapes online.

What the company does — in plain terms

WebinarTV actively searches the internet for public Zoom meeting invites. When it finds an accessible invite, the company joins the meeting, records the session without using Zoom’s built‑in record feature, and publishes the resulting recordings.

Because those recordings are not captured through Zoom’s native recording mechanism, Zoom’s internal record‑detection tools cannot identify or intervene in WebinarTV’s activity. In short, the recordings are made and published outside the platform’s usual control systems.

How this works and why it circumvents platform controls

Platforms typically detect and manage recordings that use their own recording APIs or built‑in features. WebinarTV’s approach — joining as a normal meeting participant and recording from that vantage point — does not trigger those platform mechanisms. The company therefore operates in a gap between what the meeting software can detect and what a human or third‑party observer can do once inside a meeting.

The practical effect is simple and stark: meetings that are discoverable via public invites can be captured and posted elsewhere even when the platform’s recording safeguards would otherwise prevent or flag recording activity.

Why this matters — perspectives to consider

  • Users: For participants, the finding is a reminder that how an invite is shared matters. Publicly accessible invites can lead to recordings being made and published without participants’ knowledge or consent.
  • Technologists: The incident highlights a technical blind spot. Detection systems tied to a platform’s native features cannot account for every way a human or external tool can duplicate audio and video once joined as a legitimate participant.
  • Policymakers and administrators: The case raises questions about where responsibility and authority lie — over how invites are distributed, how platforms detect non‑native recording, and what remedies are available when recordings are published externally.
  • Adversaries and opportunists: The approach demonstrates a low‑technical-cost method for capturing public meetings. If the goal is to harvest freely accessible discussions, the method works without relying on platform vulnerabilities or sophisticated hacks.

What this leaves us with

The core fact is straightforward: WebinarTV searches for public Zoom invites, joins meetings, records them without using Zoom’s record function, and then publishes those recordings. Because the company does not use Zoom’s built‑in recording feature, Zoom’s detection of recording activity cannot stop it.

This exposes a practical dilemma for anyone organizing online meetings. The line between public and private can be thin; the tools that enforce privacy on a platform may not cover what happens once a meeting is accessible to the open web. How organizations, platforms, and individuals respond to that gap will determine whether public meeting spaces remain truly public in practice, or whether they become sources of unintended, permanent recordings available to anyone.

https://www.schneier.com/blog/archives/2026/04/company-that-secretly-records-and-publishes-zoom-meetings.html