Clubhouse Data Appears on Hacker Forum but Not as a Product of a Breach

  • A set of scraped data from Clubhouse has been offered on hacker forums for free.
  • The platform responded that this was just the result of abusing their API and that there’s no breach.
  • The dangers for the exposed users remain important even if the data was already publicly available.

Someone has posted a set of 1.3 million records on a popular hacking forum and shared it for free with all users. The set, which is bundled in an SQL database, allegedly contained data relevant to Clubhouse profiles. Based on what was confirmed later by the social media platform itself, it was indeed valid. However, the data appears to have been derived from a scraping action, not a data breach, so it is basically a publicly available data collection.

Source: CyberNews

The data that was shared on the hacker forum includes the following:

  • User ID
  • Name
  • Photo URL
  • Username
  • Twitter handle
  • Instagram handle
  • Number of followers
  • Number of people followed by the user
  • Account creation date
  • Invited by user profile name

This is similar to what we saw last week with LinkedIn, so there’s a trend here with these aggregations. While some sellers present them as the products of a breach and try to trick buyers into paying for them, others simply promote the sets for whatever value they hold as the mega-clusters they are. Having everything neatly bundled and easily searchable lays the ground for various low- to mid-risk exploitation scenarios like phishing and scamming, so these scrapings aren’t innocuous.

This is precisely why internet platforms should deploy anti-scraping systems to prevent such occurrences, something that Clubhouse seems to have no qualms about omitting. Simply accepting that anyone can access the above data via the API and scrape massive volumes of it is the wrong approach. Clubhouse and any other online platform should be trying their best to prevent these actions by imposing API call limits or through other mechanisms.

If you are a Clubhouse user, be wary of suspicious DMs on the platform, connection requests from profiles you don’t know, phishing attempts, and social engineering attacks. Remember, having the above data means that someone could make correlations or connections with past data leaks that may have some overlaps.

It is noteworthy that in the case of Clubhouse, we have a “closed” platform that users can only join after having received an invitation from an existing member. Thus, the exposure is more damaging for its userbase because some of the people who joined may have preferred to keep that fact private. Finally, we should point out that the number of exposed profiles is a fraction of the platform’s userbase, which is estimated at 10 million users at the moment.
