A forum user is offering for sale a database containing 3.8B phone numbers on hacking forums.
Clubhouse is a popular audio-only social network that enables users to communicate in voice chat rooms with thousands of people. As of April 2021, Clubhouse was valued at nearly $4 billion in a funding round.
Clubhouse’s guidelines prevent conversations from being recorded or transcribed, and the developers of the app do not allow sharing recording if there’s no explicit permission.
The threat actor who started selling the secret database of 3.8 billion phone numbers on a hacking forum, claims that the company “saves/steals the phonebook of each user” and stores it in a special database that the actor is selling.
The seller claims that the database contains around 3.8 billion phone numbers (cellphones, fixed, private, and professionals numbers). Each number is ranked by a score which depends on how many users have it of their phonebook.
The threat actor published a link to a sample of the data contained in the database, which had over 83.5M phone numbers of Japanese users.
This is not the first time when data of Clubhouse users has been leaked online.
In April 2021, researchers from Cyber News discovered that the personal information of over 1.3 million Clubhouse users were leaked online. The experts came across an ad on a hacker forum offering to give away an SQL database containing 1.3 million scraped user records.
“Days after scraped data from more than a billion Facebook and LinkedIn profiles, collectively speaking, was put for sale online, it looks like now it’s Clubhouse’s turn. The upstart platform seems to have experienced the same fate, with an SQL database containing 1.3 million scraped Clubhouse user records leaked for free on a popular hacker forum,” reported CyberNews at the time.
The leaked records included names, usernames, Clubhouse user IDs, Twitter handles, Instagram handles, and passwords of the users, and more. The number of followers and the profile names of the users were also leaked, but luckily not the financial data.