How is Lusha harvesting private email addresses from Zoom?

I could not find a suitable topic, so I’ll post it here, as API and Webhooks is the dept. that I’m most active in.

We have about a dozen of freelance teachers working for our organization. Each of them have their own Zoom account through our Business subscription. In order for them to be able to recieve messages from the Zoom platform (sign-in codes mostly), I’ve created email forwarders for them, and these are used for their Zoom username as well.

But: these forwarders are never(!!!) shared with anyone, nor published anywhere. Yet, some shady data-harvesting companies (Lusha, Slintel) seem to have access to these addresses. How? The only leak I can think of is: Zoom itself.

Is Zoom selling these email addresses? Are these organizations using illegal methods to obtain Zoom-related email addresses? Any information welcome.

Frustrated by data leak! Freelance teachers’ Zoom emails (used for login) are being harvested by Lusha & Slintel despite email forwarding and secrecy. Suspecting Zoom is selling data or these companies use shady methods. Seeking info on the source of the leak.

I’m not sure what you’re suggesting here. Are more people affected by this?

Update: another 100% private email address leaked, and received spam. The very ONLY place this email address (a forwarder) is ever used, is in Zoom. I know selling your customer’s data is all good and dandy in the US, but we’re located in the EU, where data harvesting without consent is illegal. Please, Zoom, respond.