These codes are checked and collected after being tested by hackers. Specifically hackers try to connect to Zoom using accounts that have occasionally been leaked from past data breaches. Successful connections are then collected in lists sold to other intruders in Dark Web.
Some of these accounts Zoom are offered for free in forums so that they can be used in pranks and malicious activities. Others sell for less than a cent each.
In the photo below, you can see accounts related to American colleges, such as the University of Vermont, the University of Colorado, Dartmouth, Lafayette, the University of Florida and more.
Since no one knows how far this login credential has been leaked, it is advisable to use unique passwords for each site you sign in to.
You can also check if your e-mail address has been leaked through data breach notification services Have I Have Pwned.