Video-conferencing company Zoom, which became a household name during the coronavirus pandemic, has reached an $85m (£61m) settlement in the US.
A class-action lawsuit accused the company of a series of privacy breaches by sharing millions of users’ data with Google, Facebook and LinkedIn.
It also alleged Zoom had misled users by claiming to offer end-to-end encryption in its video calls, and failed to implement enough security to prevent so-called “zoombombing” incidents.
Last May, the UK’s National Crime Agency said it was investigating more than 120 cases in which Zoom calls were hijacked with images of child sexual exploitation.
That announcement followed an incident in which children taking part in a fitness class on Zoom were left horrified when someone streamed similar abuse footage to their session.
Zoom has denied any wrongdoing in reaching the settlement, but has agreed to boost security practices.
The preliminary settlement, filed over the weekend, requires approval by a district judge.
It would make people subscribed to the class action eligible for either a 15% refund on their core subscription or $25, whichever is larger. Others could receive up to $15.
Among new security measures Zoom is introducing are alerts when meeting hosts or other participants use third-party apps during a call.
The company has also pledged to provide specialised data protection and privacy training to its employees.
In a statement, Zoom said: “The privacy and security of our users are top priorities for Zoom, and we take seriously the trust our users place in us.
“We are proud of the advancements we have made to our platform, and look forward to continuing to innovate with privacy and security at the forefront.”