After Facebook and LinkedIn, clubhouse has to face an enormous personal data leak of 1.3 million users from an online SQL database containing personal data of the clubhouse users, according to a report.
As per the report the SQL database contains data, However information like credit card details or legal documents isn’t being leaked.
What was leaked?
- User ID
- Photo URL
- Twitter handle
- Instagram handle
- Number of followers
- Number of people followed by the user
- Account creation date
- Invited by user profile name
Clubhouse API permits anyone to hold out mass scrapes of user data?
Clubhouse has issued a statement regarding the incident on social media, saying they need not be intimate with a breach of their systems. The company said that the information is already publicly available; it is accessed by “anyone” via their API.
In addition to sparking a heated discussion below the company’s statement on Twitter, this raises some questions on the privacy stance of the company: permitting everybody to collect and transfer even public profile data on a mass scale will have severe negative consequences for user privacy.
in line with CyberNews senior data security investigator Mantas Sasnauskas, the posting of scraped clubhouse user data reveals a potential privacy issue at intervals the social media platform itself: “The means the clubhouse app is made lets anyone with a token, or via an API, to query the whole body of public clubhouse user profile information, and it looks that token does not expire.”
This development comes when Facebook recently saw a data breach of more than five hundred million users. Similarly, LinkedIn additionally witnessed a serious data leak of five hundred million users as their information was scraped and placed up available on hacking forums.
The report additionally disclosed that this data may be put-upon by cyber criminals to focus on affected users through phishing or alternative forms of social engineering attacks. they’ll additionally do brute-forcing of passwords of clubhouse profiles.
“Particularly determined attackers will mix information found within the leaked SQL database with alternative data breaches so as to form elaborated profiles of their potential victims. With such info in hand, they’ll stage rather convincing phishing and social engineering attacks or maybe commit fraud against the folks whose information has been exposed on the hacker forum”.
Therefore, it’s suggested for clubhouse users to avoid suspicious clubhouse messages and connection requests from strangers and additionally attempt to reset the password of their account.
What’s the impact?
The data from the leaked files may be utilized by threat actors against clubhouse users by finishing up targeted phishing or different forms of social engineering attacks.
The SQL database posted on the hacker forum solely contains clubhouse profile information — we didn’t notice any deeply sensitive information like credit card details or legal documents within the archive posted by the threat actor. With that said, even a profile name, with connections to the user’s alternative social media profiles identified and established, may be enough for a competent cyber criminal to cause real damage.
Particularly determined attackers will mix combine found within the leaked SQL database with alternative information breaches so as to make elaborate profiles of their potential victims. With such information in hand, they’ll stage rather convincing phishing and social engineering attacks or perhaps commit fraud against the folks whose data has been exposed on the hacker forum.
If you believe that your clubhouse profile information might have been leaked by threat actors, we suggest you:
- Beware of suspicious clubhouse messages and connection requests from strangers.
- Consider using a password manager to make strong passwords and store them firmly.
- Enable two-factor authentication (2FA) on all of your on-line accounts.
- Be careful for potential phishing emails and text messages.
- Don’t click on something suspicious or respond to anyone you don’t know.