In a well-known hacker forum, 1.3 million user-related data from the Clubhouse social media platform were published. The data includes user IDs, names, photo URLs, user profile names – including those from Twitter and Instagram -, the number of followers and followers as well as the date the account was created and the profile names of the users from whom the invitation to the clubhouse came Cybernews.
Although “sensitive” information such as e-mail addresses, telephone numbers or credit card information are not among the data that the attackers had picked up from an SQL database via web scraping via a private interface, there is still a risk based on the published data. In combination with the Twitter and Instagram handles, attackers could create profiles of the potential victims. These would be suitable for targeted phishing and social engineering attacks through to identity theft, it is said in the post by Cybernews further.
Clubhouse itself has not made an official statement to Cybernews at the current time. With Clubhouse, the data flow from social networks is already the third within a week. Seven days ago, data from hundreds of millions of Facebook users was discovered on the Internet, which, unlike Clubhouse, also contains sensitive information. Two days ago, profile data from 500 million LinkedIn users was offered for sale in a hacker forum.
Four billion dollar hype
The $ 4 billion audio-based social media hype app Clubhouse has come under fire in the past for privacy concerns and a lack of moderation. In the past, the live podcast app was warned by the Federal Association of Consumers because of a missing imprint on the website and the general terms and conditions and data protection information, which were not available in German as required in Germany. The cabaret artist İdil Baydar and the Berlin clan boss Arafat Abou-Chaker discussed the prosecution of criminal clans at Clubhouse in front of 5000 listeners and compared them with the persecution of Jews.
Bodo Ramelow confessed in a live podcast that at a meeting of the state heads of government – with interruptions – he managed “up to ten levels in Candycrush” and thus triggered new discussions about the platform. The company got through the use of an audio solution from the Chinese start-up Agora.io, which could transfer the user data unencrypted to China and the requirement that the entire address book had to be loaded onto the clubhouse server for invitations to other users repeatedly in criticism.
However, the company’s success also ensured that many large providers are working on cloning the idea behind Clubhouse, including Twitter with “Spaces”. The short message service allegedly only recently wanted to buy a clubhouse for billions.