
LOGIN DETAILS FOR ZOOM USERS ARE ON SALE ON THE DARK WEB.

Zoom users who reuse the same passwords from other accounts can face an ugly unintended consequence – having their login information sold on the dark web.


Personal account data, including email addresses, passwords and the web addresses for Zoom meetings, is being posted freely or sold at very low prices. One dataset for sale on a dark web marketplace, discovered by an independent security firm, includes about 530,000 accounts.


“Zoom takes user security seriously. We continue to investigate, are locking accounts we have found to be compromised, asking users to change their passwords to something more secure, and are looking at implementing additional technology solutions to bolster our efforts,” a Zoom spokesperson said in an email.


Using the information uploaded, someone could access a person’s personal meeting room and launch that room. They could invite other people to join while posing as the host. This opens the door to hackers exploiting a user's contacts, for example by sending them malware through Zoom invites or making up situations to extort them.


One hacker forum discussed successfully using a tool called OpenBullet on Zoom. The tool lets users feed large sets of existing usernames and passwords to try to log into different sites. This is a common strategy known as credential stuffing, and it takes advantage of people who reuse passwords and usernames.
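On the defending side, credential stuffing leaves a recognizable trace in authentication logs: one source trying many different accounts in a short time, with most attempts failing. The following Python sketch is an added example, not part of the original article or any Zoom code; the log format, the sample lines and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not real data): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2020-04-13T10:00:01 203.0.113.7 alice@example.com FAIL
2020-04-13T10:00:03 203.0.113.7 bob@example.com FAIL
2020-04-13T10:00:04 203.0.113.7 carol@example.com FAIL
2020-04-13T10:00:06 203.0.113.7 dave@example.com FAIL
2020-04-13T10:00:09 203.0.113.7 erin@example.com FAIL
2020-04-13T10:00:11 203.0.113.7 frank@example.com OK
2020-04-13T10:02:00 198.51.100.20 grace@example.com FAIL
2020-04-13T10:02:20 198.51.100.20 grace@example.com FAIL
2020-04-13T10:02:45 198.51.100.20 grace@example.com OK
"""

def parse(log):
    """Turn log text into time-sorted (time, ip, user, succeeded) tuples."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, ip, user, result = parts
        events.append((datetime.fromisoformat(ts), ip, user.lower(), result == "OK"))
    return sorted(events)

def detect_stuffing(events, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.8):
    """Flag IPs that try many distinct accounts, mostly failing, within one window."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            span = evs[start:end + 1]
            users = {u for _, _, u, _ in span}
            fail_ratio = sum(not ok for *_, ok in span) / len(span)
            if len(users) >= min_users and fail_ratio >= min_fail_ratio:
                hit = flagged.setdefault(ip, {"users": set(), "successes": set()})
                hit["users"] |= users
                # A success inside a stuffing burst is a likely account takeover.
                hit["successes"] |= {u for _, _, u, ok in span if ok}
    return {ip: {k: sorted(v) for k, v in h.items()} for ip, h in flagged.items()}

if __name__ == "__main__":
    for ip, hit in detect_stuffing(parse(SAMPLE_LOG)).items():
        print(ip, len(hit["users"]), "accounts tried; lock and reset:", hit["successes"])
```

The accounts listed under `successes` are the ones to lock and force a password change on, since a successful login inside such a burst most likely used a reused password. The second source in the sample, a single user mistyping a password, is not flagged.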


Zoom has become increasingly popular as social distancing and stay-at-home orders forced more people to depend on videoconferences to keep connected. The Silicon Valley firm now supports over 200 million daily users, up from 10 million before the pandemic.


The platform has also given rise to a new form of harassment, Zoombombing, in which an unwanted person joins a Zoom meeting and is disruptive. Concerns that Zoom's security wasn't ready for such scrutiny led a handful of school districts, like New York City, and companies, like SpaceX, to ban the use of the software.


“No matter how this information got out, there is a high likelihood that Zoom could have prevented it,” said Lou Rabon, CEO and founder of Cyber Defense Group, which does IT security for companies. He explained that these kinds of attacks can be stopped if companies implement two-factor authentication.


“There is an inverse curve between security and convenience,” Rabon said.

The large dataset was obtained by Cyble, a threat intelligence organization based in Georgia. Beenu Arora, CEO and founder of Cyble, said that the credentials were found for sale on the dark web and his company then purchased the set from a Russian-speaking actor. The price paid was about a quarter of a penny per account.


Zoom's CEO, Eric Yuan, has been playing catch-up since early March as schools began to close. The video-chat platform was designed to be used for businesses, with in-house IT support and company-provided logins. Yuan has admitted that the learning curve toward serving first-time customers has been steep.


“Every day is a crisis,” Yuan said in a previous interview with NBC News. “But now I'm just moving forward and doubling down on privacy and security and do all we can to make our service better and better.”


In early April, Yuan enlisted the help of Alex Stamos, the former chief security officer at Facebook and currently an NBC News contributor, to build up Zoom’s security, privacy and safety abilities.

Oversights that allow hacked credentials from other sites to be used to log in to Zoom are part of the kind of growth Zoom has experienced, Stamos said.


“This happens to every company every single day. It’s only because Zoom is in the spotlight that anyone in the media is even paying attention,” he said.
