Data of more than 1 million Clubhouse users leaked online: Report
Leaked data contains information such as, user ID, photo url, Twitter handle, number of followers, account creation date, and invited by user profile name
An SQL database containing personal data of 1.3 million Clubhouse users has leaked online, according to a report from Cyber News.
The leaked data includes social media profile names, user ID, photo URL, Twitter handle, number of followers, account creation date, invited by user profile name, and other details. The report notes that the leaked data does not include sensitive information such as credit card details or legal documents.
Cybercriminals can use the data to target affected users through phishing or other types of social engineering attacks. They can also conduct brute-forcing of passwords of Clubhouse profiles, the report added.
Not seeing any private info in this “leaked data” of Clubhouse— Jane Manchun Wong (@wongmjane) April 11, 2021
The user IDs are numerical. So it just seems like someone scraped the data by hitting Clubhouse's private API, iterating from user ID 1 to beyond https://t.co/MBWG46JmCB
“Particularly determined attackers can combine information found in the leaked SQL database with other data breaches in order to create detailed profiles of their potential victims. With such information in hand, they can stage much more convincing phishing and social engineering attacks or even commit identity theft against the people whose information has been exposed on the hacker forum,” according to the report.
Clubhouse users are advised to avoid suspicious Clubhouse messages and connection requests from strangers. They can also reset the password of their Clubhouse account, and ensure it's not the same as other accounts. Enabling two-factor authentication is also one of the ways to keep cybercriminals at bay.
As of now, Clubhouse has not responded to the data leak. We'll update you as soon the company releases any statement on the same.
The latest cyber breach comes after the personal data of over 500 million LinkedIn users was scraped and put up for sale on hacking forums. LinkedIn confirmed that the leaked data was not a breach but “actually an aggregation of data from a number of websites and companies. It does include publicly viewable member profile data that appears to have been scraped from LinkedIn.”
Facebook recently faced a similar data scraping incident that affected over 500 million users. The social media company added that data was scraped before September 2019 and that it had already fixed the problem.