Clubhouse: Leak exposes data from 1.3 million users

According to Cybernews, the data of 1.3 million users of Clubhouse, an audio-based social network exclusive to iOS, are exposed in a SQL database freely available on the internet.

The database does not expose information such as phone numbers, email addresses or financial data, but does include user ID, name, profile picture URL, Twitter account, Instagram account, number of followers, number of people that the user follows, date of creation of the account and the name of the profile from which the invitation to the network came.

On its Twitter account, the social network denies that it has been hacked. According to the tweet, the data is “public information of each profile”, which can be obtained using the service’s API (programming interface).

According to Mantas Sasnauskas, senior security researcher at CyberNews, “the way the Clubhouse app is built allows anyone with a token, or through an API, to search the entire public set of user profile information, and it looks like this token never expires”.

The Clubhouse Terms of Service prohibit automated data collection (a practice known as “scraping”), but Sasnauskas says this should go beyond a simple “rule”.
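A service can back such a rule with a check on its own API logs. The sketch below is an added example, not code from Cybernews or Clubhouse. It flags tokens that are still accepted long after issuance and tokens that read an unusually large number of distinct profiles in a short window. The log fields, token names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_TOKEN_AGE = timedelta(hours=24)  # assumed policy: tokens are reissued daily
WINDOW = timedelta(minutes=10)       # assumed sliding window for read volume
MAX_PROFILES = 100                   # assumed ceiling on distinct profiles per window

def review_requests(events):
    """events: time-ordered (time, token_id, token_issued_at, profile_id) tuples.
    Returns {token_id: set of reasons} for tokens that need attention."""
    findings = defaultdict(set)
    recent = defaultdict(deque)                     # token -> (time, profile) in window
    counts = defaultdict(lambda: defaultdict(int))  # token -> profile -> hits in window
    for when, token, issued, profile in events:
        # A token accepted long after issuance is the "never expires" problem.
        if when - issued > MAX_TOKEN_AGE:
            findings[token].add("stale-token")
        queue, seen = recent[token], counts[token]
        queue.append((when, profile))
        seen[profile] += 1
        # Drop reads that have fallen out of the sliding window.
        while queue and when - queue[0][0] > WINDOW:
            _, old = queue.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        # Many distinct profiles per token in one window suggests bulk collection.
        if len(seen) > MAX_PROFILES:
            findings[token].add("bulk-profile-reads")
    return dict(findings)

def sample_events():
    """Constructed log: one ordinary client and one bulk reader."""
    t0 = datetime(2021, 4, 10, 12, 0, 0)
    events = []
    for i in range(5):    # fresh token, five profiles over five minutes
        events.append((t0 + timedelta(minutes=i), "tok-user",
                       t0 - timedelta(hours=1), 5000 + i))
    for i in range(300):  # 90-day-old token, 300 distinct profiles at one per second
        events.append((t0 + timedelta(seconds=i), "tok-bulk",
                       t0 - timedelta(days=90), i + 1))
    events.sort(key=lambda e: e[0])
    return events

if __name__ == "__main__":
    for token, reasons in review_requests(sample_events()).items():
        print(token, sorted(reasons))
```

In production the same two conditions would normally be enforced at request time (reject the stale token, throttle the bulk reader) rather than only reported afterwards.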

Sample of leaked Clubhouse data. Image: Cybernews

Even if it is “public” data, allowing anyone to collect information on a large scale can have serious negative consequences for members’ privacy.

By cross-referencing information (such as a Clubhouse profile with Twitter or Instagram), malicious actors can easily expand their pool of information about a person, collecting enough data to carry out phishing scams or even identity theft.

Cybernews recommends that Clubhouse users pay extra attention to messages supposedly coming from the site or friend requests from strangers, in addition to phishing attempts via email or text messages. “Don’t click on anything suspicious, or respond to someone you don’t know.”

Source: Cybernews
