Clubhouse Confirmed False Data Breach
Clubhouse, the audio-based chat application, has rejected the allegations of a data breach that started spreading on the internet last week. The explanation came after a cybersecurity expert claimed that around 3.8 billion users’ telephone numbers are available to be purchased on the Dark web. In a tweet, data security expert Jiten Jain had likewise attached screenshots from the hackers who stole the database incorporating clients’ cellphone, fixed, private, and professional phone numbers. The screen capture further notes that “Clubhouse is connected real-time to all their users’ phonebooks meaning each time you add a new phone number in your phonebook, the number is automatically added into the secret database of Clubhouse.”
The hacker guaranteed that the information is estimated at $3 billion, which also includes the “most influential” people on the globe. The claims came days after Clubhouse dropped its welcome just status and opened the stage to all clients. This incident happened only after the Clubhouse had announced that it is now out of beta and open to everyone which means no need for an invite link to join the clubhouse. The company said that it has removed its waitlist system so that anyone can join the platform in a hassle-free manner.
Swiss-based infosec researcher also tweeted about this on July 24th. According to the screenshot, the list of phone numbers includes members’ phone numbers along with the other phone numbers that were synced with their contact list. It claims that the social audio service collects phone numbers from contact lists, which are synced to the company’s servers.
Security researcher Rajshekhar Rajaharia, who has found such leaks in the past, noted that personally identifiable information of users was not available in the data being sold. The Telegram group where the data appeared was the same one that sold a fake WhatsApp database of 470 million users in the past, Rajaharia said. “Now they changed the name of the group from WhatsApp Database Leak to Clubhouse Database Leak,” he noted. The seller in question had a “bad past”, he said.
Strengthen Clubhouse Data Security
In February this year, security experts at Stanford University in the US had warned that the app may be leaking users` audio data to the Chinese government. The Stanford Internet Observatory (SIO) had claimed that Agora, a Shanghai-based provider of real-time engagement software, supplies back-end infrastructure to the Clubhouse app.
In a statement to news agency IANS, Clubhouse denied these claims and said, “there are a series of bots generating billions of random phone numbers.” Speaking over the alleged “secret database of Clubhouse,” the company clarified saying, “if one of these random numbers happens to exist on our platform due to mathematical coincidence, Clubhouse’s API returns no user identifiable information.”
So as of now, clubhouse users do no need to worry about their data security; however, it is very important to follow recommended cybersecurity practices. While you can check whether your data is compromised via sites like Have I Been Pwned, it is crucial to keep strong passwords. Users must also keep updating passwords and add two-factor authentication wherever is possible.