This Twitter thread is wild. Read the text below, or, tl;dr for spoilers —
The 8-year-old figured out how to temporarily lock the account by entering enough wrong passwords, and did that every time she got bored in class. It took them 3 weeks to figure it out.
Day 1: (Zero Day) My sister has three kids, all are currently in Zoom classes. Mysteriously one day, my niece's zoom stopped working. She went and told my sister who tried for over an hour to get her logged back in but could not. She figured it was a weird glitch.
Day 2: The next day, sure as shit, the same thing happened. My niece was kicked off and couldn't log back in. My sister emails the teacher and tells her she is having issues with zoom and she will try to figure it out.
Day 3: Same story. Kicked off and couldn't login. The error says "Incorrect password" no matter how many times they try. My sister calls the teacher and they spend an hour or so trying to figure it out. No luck.
Day 4: My sister now takes my niece to her friends house to see if it is something with her internet or IP. Same story. It works but then kicks her off and can't log back in. This has to be some crazy bug in Zoom. "Maybe her account is flagged?", my sister (The Mark) exclaims.
Day 5: Issue continues. After hours on the phone with Zoom tech support the techs are completely stumped. They say that the account was locked at some point but my sister knows there has been hundreds of login attempts from multiple locations so that makes sense. (or does it?)
Day 6: Again, same issue with Zoom. The teacher recreates the whole zoom classroom from scratch. All thirty students have to update their calendar invites, re-login, etc. "This has to work, right??" Nope.
Day 7: Multiple calls to the principle finally gets the schools computer teacher to come out to the house to try and debug the issue on site. No luck.
The rest of week 2: My sister has essentially given up on Zoom class for her and is now having to fully homeschool her. "At least I get to help you around the house" my niece says innocently. What a sweetheart.
Week 3: Now my sister is not even trying to have her attend school and is doing one on one homeschool. The rest of the time, my niece is helping out her siblings with their school (or playing if my sister is too busy to make sure she isn't)
Yesterday: My sister sent my niece back to her friend's house where the problem seems to be happening less often. They sign her in and Zoom which seems to be working well for a while.
Her friend happens to walk around the corner and sees my niece log out of Zoom! My sisters friend asks why she did that and she replies "Oh it wasn't working well so I was trying to fix it."
Skeptical but doesn't want to review her hand my sisters friend pretends that makes sense and walks out. The walls are closing in for my poor unsuspecting niece.
My sister's friend is on to the con at this point. She now secretly watches from the other room where my niece cannot see her. After about an hour on Zoom, my niece can't take it anymore and executes the con to escape the boredom.
My sister's friend watches as my niece logs out, then repeatedly types in the wrong password to her account about 20 times.
What my niece had figured out is that when you log in with an incorrect password, Zoom will lock your account for a set amount of time. The more times you do this, the longer the wait period for you to get back into Zoom.
She also noticed that the error that is presented to a user when they are locked is "Incorrect password" and not "your account has been locked"
My niece found the exploit and combined it with her cute 8 year old face, a face that never could tell a lie much less pull off an elaborate scheme to trick no less that 8 adults for 3 weeks straight.
Image: Public Domain via Pexels