According to CyberNews, an SQL database containing sensitive user information from 1.3 million Clubhouse accounts scraped by hackers has been leaked for free on a well-known hacker forum.
Just over a month ago, Clubhouse had to sure up its defences after a user on the platform engineered their way into leaking audio from multiple Clubhouse rooms (which are supposed to be private) to a third-party website.
The leaked database contains the following user data pulled from 1.3 million Clubhouse profiles:
- User ID
- Photo URL
- Twitter handle
- Instagram handle
- Number of followers
- Number of people followed by user
- Account creation date
- Invited by user profile name
Thankfully, the leak doesn’t contain any deeply sensitive data like credit card information. Nevertheless, the leaked information can still be used by those with less than pure intentions to stage phishing attempts and social engineering scams, or even try to steal an individual’s identity.
Clubhouse confirmed on Saturday evening it was not hacked or breached. It said the info scraped was all public information, available via the company’s API.
This is misleading and false. Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API. https://t.co/I1OfPyc0Bo
— Clubhouse (@joinClubhouse) April 11, 2021
Privacy concerns against the audio-based, invitation-only social media platform had already been mounting, and this leak is going to lend them even more authenticity.
Clubhouse was said to have held talks with Twitter for an acquisition, in a deal worth a reported $4 billion USD.