A hacker forum user posted personal data of 1.3 million Clubhouse users for sale this week.
Clubhouse, the popular audio-only social media app, says it’s all public information that doesn’t pose any risk.
Reports about a data breach at Clubhouse are all the more plausible because they came after the last week’s data leak impacting over half a billion Facebook users and a big leak of LinkedIn users also ended up for sale on a hacking forum.
According to Cybernews, who was the first to break the story, an SQL database with scraped personal data of 1.3 million Clubhouse users is up for grabs on an underground forum. The posted data include user IDs, names, usernames, social media handles, account creation dates, photo URLs, and who invited the user to the app.
Clubhouse denied it suffered a breach of any type and said that this information publicly available, therefore anyone can access it through the Clubhouse API. And most of it is visible to other app users.
“This is misleading and false. Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API,” the company tweeted.
Some respected security experts have also said that the incident is nowhere near as serious as presented by mass media.
However, cases are well-known in which a cybercriminal uses such information in combination with data from other incidents to create a portrait of potential victims and target them in phishing and social engineering attacks. In some cases, such seemingly benign leaks have even caused identity fraud.
It is advisable to be on the lookout for malicious emails and not to open them; to use strong and unique passwords; turn on multi-factor authentication wherever possible, preferably via an authenticator app and not SMS-based.