Clubhouse Data Appears on Hacker Forum but Not as a Product of a Breach

  • A set of scraped data from Clubhouse has been offered on hacker forums for free.
  • The platform responded that this was just the result of abusing their API and that there’s no breach.
  • The dangers for the exposed users remain important even if the data was already publicly available.

Someone has posted a set of 1.3 million records on a popular hacking forum and shared it for free with all users. The set, which is bundled in an SQL database, allegedly contained data from Clubhouse profiles, and the social media platform itself later confirmed that the data was valid. However, the data appears to have come from scraping, not a data breach, so it is essentially a collection of publicly available data.

Source: CyberNews

The data that was shared on the hacker forum includes the following:

  • User ID
  • Name
  • Photo URL
  • Username
  • Twitter handle
  • Instagram handle
  • Number of followers
  • Number of people followed by the user
  • Account creation date
  • Invited by user profile name

This is similar to what we saw last week with LinkedIn, so there’s a trend here with these aggregations. While some sellers present them as the products of a breach and try to trick buyers into paying for them, others simply promote the sets for the value they hold as large aggregated collections. Having everything neatly bundled and easily searchable creates the ground for various low- to mid-risk exploitation scenarios like phishing and scamming, so these scrapings aren’t innocuous.

This is precisely why internet platforms should deploy anti-scraping systems to prevent such occurrences, something that Clubhouse seems to have no qualms about omitting. Simply accepting that anyone can access the above data via the API and scrape massive volumes of it is the wrong approach. Clubhouse and any other online platform should be trying their best to prevent these actions by imposing API call limits or using other mechanisms.
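One way an API call limitation aimed at scraping can look, as an added example that is not Clubhouse's code: instead of counting raw requests, it caps how many distinct profiles one API client may fetch within a sliding window. The class name, the thresholds, the client keys and the sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class ProfileScrapeLimiter:
    """Sliding-window cap on the number of distinct profiles one client may fetch."""

    def __init__(self, max_distinct=100, window_s=3600):
        self.max_distinct = max_distinct
        self.window_s = window_s
        self._events = defaultdict(deque)  # client -> deque of (timestamp, profile_id)
        self._counts = defaultdict(dict)   # client -> {profile_id: hits inside window}

    def allow(self, client, profile_id, now):
        events, counts = self._events[client], self._counts[client]
        # Drop fetches that have aged out of the window.
        while events and events[0][0] <= now - self.window_s:
            _, old = events.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        # Re-reading a profile already seen in the window is normal app behaviour;
        # only a *new* profile beyond the cap is refused.
        if profile_id not in counts and len(counts) >= self.max_distinct:
            return False
        events.append((now, profile_id))
        counts[profile_id] = counts.get(profile_id, 0) + 1
        return True

def replay(limiter, requests):
    """Feed (timestamp, client, profile_id) tuples; return {client: denied count}."""
    denied = defaultdict(int)
    for ts, client, pid in requests:
        if not limiter.allow(client, pid, ts):
            denied[client] += 1
    return dict(denied)

def sample_requests():
    """Constructed traffic: one ordinary client and one bulk collector."""
    # Ordinary client: 30 requests over 5 minutes, cycling through 5 profiles.
    reqs = [(t, "key-app", 1000 + (t % 5)) for t in range(0, 300, 10)]
    # Bulk collector: a different profile every second for 5 minutes.
    reqs += [(t, "key-bulk", 5000 + t) for t in range(0, 300)]
    return sorted(reqs)

if __name__ == "__main__":
    print(replay(ProfileScrapeLimiter(100, 3600), sample_requests()))
```

A cap on distinct profiles leaves clients that keep refreshing the same few profiles untouched, while a client walking through the user base is refused once it reaches the threshold.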

If you are a Clubhouse user, be wary of suspicious DMs on the platform, connection requests from profiles you don’t know, phishing attempts, and social engineering attacks. Remember, having the above data means that someone could correlate it with past data leaks that may overlap with it.

It is noteworthy that in the case of Clubhouse, we have a “closed” platform that users can only join after having received an invitation from an existing member. Thus, the exposure is more damaging for its userbase because some of the people who joined may have preferred to keep that fact private. Finally, we should point out that the number of exposed profiles is a fraction of the platform’s userbase, which is estimated at 10 million users at the moment.
