Personal data of 1.3 million Clubhouse users up for grabs for free on hacker forum, company denies data breach
Clubhouse has said that there was no data breach and the information that is alleged to be a part of the breach is public.Clubhouse, the audio-only app that skyrocketed in terms of popularity right after Elon Musk held a session, is in trouble right now. After the shocking incidents that involved leaking of data from Facebook and LinkedIn — and their unfortunate ignorance by both companies, Clubhouse has fallen victim to a data breach. And this breach is a big one. You can judge that by seeing the magnitude of the data spill. A new report has suggested personal data, including user ID, of around 1.3 million users has ended up on a hacker forum where anyone can fetch the information for free.
CyberNews has claimed in a report that an SQL database is now live on a hacker forum, and it harbours data of 1.3 million scraped Clubhouse users. The user records include the user ID, username, name, photo URL, Twitter handle, Instagram handle, number of followers, number of people followed by the user, account creation date, and invited by user profile name. All of this data is properly logged into rows and columns, so it is going to be extremely easy for the person who is interested in obtaining this information for whatever purpose. The report has noted that data from this leak is good leverage for hackers against Clubhouse users.
The data breach does not have any “deeply sensitive” data such as credit card details or legal documents but even with what is now out in the open, hackers can orchestrate “more convincing phishing and social engineering attacks.” Hackers can even commit identity fraud with this sort of information up their sleeves.But, in an expected U-turn, Clubhouse has denied these charges. In a statement on Twitter, Clubhouse said that the news about the data breach is “misleading and false.” The audio-chat app said, “Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API.” Ideally, this data breach is not as harmful as some other advanced ones are, because the information that has reached the hacker forum is available to the public. However, it does not undermine the fact that data breach is harmful, no matter what its scope is.
Clubhouse has not said anything else apart from refuting the allegations. And that leaves Clubhouse users in a state of fear, much like how it happened with LinkedIn and Facebook users after the data breach. For now, CyberNews has given out some guidelines for Clubhouse users that they can duly follow to make sure their data is safe. First, you should not pay attention to suspicious Clubhouse requests or messages. Join a session only if it comes from a verified source. You can go for a password manager and enable two-factor authentication (2FA) on your online accounts, in case you use one password for multiple accounts.