
I'm really liking Zoom's responses to incidents lately. Both this and the "oops we implemented certain features by leaving a localhost webserver gaping open" fiasco fairly recently got extremely nimble responses from them, and the responses were absolutely the right thing to do. They could have hand-waved the http server away and claimed to have "secured" it, and they could have hand-waved this away as "standard practice", which, let's be frank, it almost certainly is. The fact that they understood the seriousness and swiftly yanked the features in both instances is HUGE. Kudos to them for this.

edit: some people won't want to give them any slack because they committed the offenses in the first place, but I think that's silly. Reward them for trying, because if this is the way they're going to respond to blowing it, they're one of the good guys.



In the end they did the right thing with the local web server, but iirc their first response was "this is a non-issue and needed for proper operation".

A definite improvement in this case and so far.


I agree that they started out kinda shitty on the web server thing, but they corrected pretty decisively. The web server was gone within days.



