[BreachExchange] After Facebook & LinkedIn, now data from Clubhouse leaked - It's of 1.3 million users

Destry Winant destry at riskbasedsecurity.com
Mon Apr 12 10:41:34 EDT 2021


https://www.techradar.com/in/news/after-facebook-and-linkedin-now-data-from-clubhouse-leaked

The data of close to 1.3 million Clubhouse users have been posted to a
hacker forum, but the company denied claims of any hacking, and
suggested that the data was publicly available information.

But coming on the back of data leak at Facebook and LinkedIn, in which
a collective total of over one billion profiles were hacked, this leak
at Clubhouse does give room for fear among users.

But the company is putting a brave front. Clubhouse called reports
that it was hacked as "misleading and false."

"Clubhouse has not been breached or hacked. The data referred to is
all public profile information from our app, which anyone can access
via the app or our API," the company claimed.

What was the leak?

This is misleading and false. Clubhouse has not been breached or
hacked. The data referred to is all public profile information from
our app, which anyone can access via the app or our API.
https://t.co/I1OfPyc0BoApril 11, 2021

The info in the SQL database covers a bunch of personal information.

The leaked database from Clubhouse is said to contain, among others:
User ID, name, photo URL, username, Twitter handle, Instagram handle,
number of followers, number of people followed by the user.

Much of these details could, anyway, be publicly accessed. So the
claim from Clubhouse here is that it doesn't include sensitive
information such as a password or an email address, which could be
more damaging.

The leak is the latest in a string of attacks where hackers scrape
data from major services and dump them for open public viewing.
Recently, a cache of 500 million LinkedIn profiles were shared in the
same way. Before that it was Facebook that bore the brunt.

Can't take Clubhouse scrape easy

This is not the only security scare at Clubhouse. Earlier this year,
Clubhouse upgraded its security over concerns malafide actors in China
could potentially spy on users.

Analysts warn that details from leaked SQL database can be combined
with other data breaches, and detailed profiles of potential victims
can be created. Worse, the hackers can pull off phishing and social
engineering attacks or even commit identity theft.

Clubhouse users, in general, have been advised to avoid suspicious
messages and connection requests from strangers. They can also reset
the password of their account as a matter of safety.


More information about the BreachExchange mailing list