The data of close to 1.3 million Clubhouse users have been posted to a hacker forum, but the company denied claims of any hacking, and suggested that the data was publicly available information.
But coming on the back of data leak at Facebook and LinkedIn, in which a collective total of over one billion profiles were hacked, this leak at Clubhouse does give room for fear among users.
But the company is putting a brave front. Clubhouse called reports that it was hacked as “misleading and false.”
“Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API,” the company claimed.
What was the leak?
This is misleading and false. Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API. https://t.co/I1OfPyc0BoApril 11, 2021
The info in the SQL database covers a bunch of personal information.
The leaked database from Clubhouse is said to contain, among others: User ID, name, photo URL, username, Twitter handle, Instagram handle, number of followers, number of people followed by the user.
Much of these details could, anyway, be publicly accessed. So the claim from Clubhouse here is that it doesn’t include sensitive information such as a password or an email address, which could be more damaging.
The leak is the latest in a string of attacks where hackers scrape data from major services and dump them for open public viewing. Recently, a cache of 500 million LinkedIn profiles were shared in the same way. Before that it was Facebook that bore the brunt.
Can’t take Clubhouse scrape easy
This is not the only security scare at Clubhouse. Earlier this year, Clubhouse upgraded its security over concerns malafide actors in China could potentially spy on users.
Analysts warn that details from leaked SQL database can be combined with other data breaches, and detailed profiles of potential victims can be created. Worse, the hackers can pull off phishing and social engineering attacks or even commit identity theft.
Clubhouse users, in general, have been advised to avoid suspicious messages and connection requests from strangers. They can also reset the password of their account as a matter of safety.