I just checked and the meeting code is still valid. It was from a meeting from mid June 2018, using the zoom.us service. It's a meeting room/code assigned to a specific rep. Reused/resent to all leads.
Probably their "personal meeting room" -- Zoom makes it very easy to just use that for all of one's meetings. For intracompany use, I've used it, but I prefer to not use it for intercompany discussions, too much chance of leakage.
Yes, that's correct, it was a personal meeting room for a salesperson. But don't you think it's odd that I can call in to any meeting for months on end? Or that someone could do that to you? We were talking to them about a partnership deal, and would have needed to sign a contract which included certain non-disclosures etc. Yet someone could just call in and listen?
Massive security hole. You could set up a bot constantly in the call and record all the conversations. It could be set up with a seemingly official name like "admin" or the name of the company, so anyone looking at the live list of attendees would think it's a normal maintenance bot from either the company or the service.
It's possible to lock out the conference room from new attendees. Also as someone who drives conference calls, I would be sure to eject anyone who I did not know on the call... I monitor participants constantly.
I use Zoom for interviews and run into the same issue using my personal room for back-to-back interviews. My solution is to enable the waiting room feature. This makes it so that people can call in, but need to be admitted to the actual room. This works well for the interviews. The problem is that it's an account-wide setting and cannot be disabled for specific meetings. So now there is a problem if I set up the room for a recurring meeting and am out sick and forgot to disable the waiting room.
I see two issues with that strategy. If you lock a meeting, people can't connect who may just be late, or if they disconnect accidentally, they can't reconnect. The second is most calls aren't webinars or organized events. These services get used by 1-on-1, 2-on-1 etc, smaller calls frequently. It could be difficult to stay engaged and be expected to diligently secure a call.
I don't think we'd expect this level of security to be acceptable for email access. It's really just a matter of enforcing a PIN number, along with a meeting code.