Data associated with 1.3 million users of the Clubhouse app — including their name, username, User ID, numbers of followers, and more — has been posted on a hacker forum, according to a cybersecurity industry news report.
Clubhouse has been going out of its way, however, to stress online and to try and correct news reports suggesting that these details connected to the app’s user base were not “hacked” from Clubhouse, and that Clubhouse did not suffer a breach or data leak of some kind. In what were apparently internal company comments shared during a town hall, Clubhouse CEO Paul Davison blasted the CyberNews article (headlined, “Clubhouse data leak: 1.3 million scraped user records leaked online for free”) that brought this situation to light as “clickbait.” It was “misleading and false,” Davison said in comments shared by The Verge. “We were not hacked. The data referred to was all public profile information from our app. So the answer to that is a definitive ‘no.’”
He’s sensitive, of course, to any hint of his app being breached, hacked or the source of a data leak as a result of the data breaches reported at LinkedIn and Facebook in recent days, which impacted a staggering number of users at each social network. In the case of Facebook, as we noted in a previous post, the data leak encompassed personal information from more than 533 million Facebook users from 106 countries. That data, too, was posted in a hacking forum, and it included everything from users’ phone number to emails address, birthdays, full names, and more.
The case at LinkedIn, meanwhile, was similar to the situation Clubhouse now finds itself in. Data was scraped from some 500 million LinkedIn profiles, according to CyberNews, including LinkedIn users’ names, email addresses, phone numbers and more.
In response to a Techmeme tweet over the weekend, which shared the CyberNews article included above about what happened at Clubhouse, the official Clubhouse Twitter account responded with the following: “This is misleading and false. Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API.”
something hilarious about CH accused of a breach after 1.3mil accounts alongside aggregated personal info leaks and they shoot back with “no, no, no, our API is *supposed* to allow that to happen” https://t.co/PJ9iFzVy6a
— Parker Gibbons (@parker_gibbons) April 11, 2021
The news about Clubhouse generated a considerable amount of conversation on Twitter over the weekend, largely among people who quibble with the notion that this belongs in the same league as what happened to Facebook or whether it’s even a big deal at all — versus those who think that no one is saying Clubhouse got hacked or breached, that this was simply a bad outcome (Examples include threads and posts like these). Read our headline again, for example; however it got there, a significant amount of data associated with Clubhouse users that has ended up being gathered into one place, a hacker forum, where it can be put to use doing things like the following: Paul Prudhomme, an analyst at security intelligence company IntSights, told Insider that the data involved in this incident “is significant, because bad actors could use it to attack companies through their employees’ information.”
Nope none of this is false, user data, even if publicly available, should never be consolidated and made available in one place where it will be abused. And the article never claimed you were breached or hacked, it stated that the information was only *posted* on a hacker forum.
— Ryan Zohoury (@RyanZohoury) April 11, 2021