Personal data of over 1.3 million Clubhouse users was recently found openly accessible on a hacker forum, as reported by Cybernews.
The leaked database contains a lot of user-related information, including:
- User IDs, usernames, and real names
- Number of followers and users followed
- Other social media handles (including Twitter, Instagram, and Facebook)
- Account information
- Names of people invited by the user
- Photo URLs
After the leak was discovered, Clubhouse issued a statement saying that information about the leak is “misleading and false”.
According to Clubhouse, the user data shown in the leak is publicly available, and anyone can access it through the app itself or Clubhouse’s API.
> This is misleading and false. Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API. https://t.co/I1OfPyc0Bo
>
> — Clubhouse (@joinClubhouse) April 11, 2021
This means that anyone can scrape the social media platform’s SQL database and get as much user information as they can carry.
Even though the leaked data does not contain sensitive and personal information, in the hands of a competent hacker it can still be used to carry out targeted phishing and other social engineering attacks.
If you are worried this leak can affect you, we recommend:
- Checking whether your data has been leaked;
- Keeping an eye out for any suspicious Clubhouse messages, including those coming from your followers;
- Enabling two-factor authentication;
- Updating your Clubhouse password to a secure one, using a password generator.