Nearly four million cellphone numbers belonging to Clubhouse social audio app have been reportedly accessed by cybercriminals and published on the dark web.
Clubhouse is arguably the new social media frontier than has grown to become a $4 billion company, with celebrities such as Elon Musk showing support for the platform.
According to media reports, Clubhouse plugs into the power of voice to create a plethora of opportunities for digital influencers businesses and people looking to connect with a global community.
The app is lauded as the much-needed solution to “Zoom fatigue” that had gripped professionals who were forced to organize virtual meetings amid the COVID-19 pandemic. Expectedly, the disruptive social media platform was bound to come under the radar of threat actors looking to make big money off the shoulders of the 10 million strong user base.
Cybersecurity experts have noted the presence of the Clubhouse dataset which, fortunately, is only comprised of users’ mobile phone numbers. The leading cybersecurity pundit Jiten Jain published a tweet concerning the 3.8 billion numbers that have been put up for sale on the dark web.
In addition, the Twitter post also revealed that the stolen data comprised the phone numbers of people in Clubhouse users’ phonebooks due to syncing technology. This presented a high possibility that non-Clubhouse members may have been affected by the cybercriminal data leak.
Further, cybersecurity sources intimate that the phone numbers belonging to a wide spectrum of global personalities have been affected by the potential cyber breach – including the numbers belonging to public figures, voice chat and photos.
Response from Clubhouse
Past reports point to the fact that this is not the first time that Clubhouse has come under scrutiny for potential data privacy issues. Last April, a report by Cyber News placed Clubhouse among the social media apps that had failed to protect users from potential data leaks.
According to the new website, a database of 1.3 million Clubhouse users had been identified on a hacker forum = the event happened just days after the data belonging to a billion Facebook and LinkedIn users had been compromised by threat actors.
The claims were made about the exposure of user data that ended up being posted on the dark web. The information included user identification, names, usernames, social media handles, account details and information concerning user nominators.
Then, the Clubhouse team dismissed the claims as basic rumors, and asserted that the media report lacked basis. The social audio app maker went on to insist that the viewed data was public profile information that could be accessed by anyone via the app.
Similarly, Clubhouse has refuted the latest claims about a potential cyber breach. The company promised its commitment to high security practices that guarantee user privacy and security. The firm blamed the occurrence of the phone numbers to the work of several bots that can generate billions of random phone numbers.
According to Clubhouse, the app maker’s API does not return user information whenever the random numbers match what’s available on their platform owing to mathematical coincidence.
While reflecting on the Clubhouse case, the Chief Technical Officer and Co-founder of cyber intelligence firm Hudson Rock rubbished the reports about an alleged Clubhouse data breach. He dismissed the data leak due to the fact that the database lacked additional information apart from the list of phone numbers.
Further, the independent cyber security researcher Rajshekhar Rajaharia expressed doubt on the data leak considering that the database was made up of cellphone numbers and no names, photos or any other personal information. The cyber expert maintained that the phone numbers could be generated easily.
