A mega breach?
A major data breach just occured. As many as four million cellphone numbers belonging to Clubhouse social audio app have reportedly been accessed by criminals. The information has since been published on the dark-net.
Clubhouse was undoubtedly the next social media frontier, having grown to become a $4 billion corporation. The app has celebrities like Elon Musk endorsing it. According to media reports, Clubhouse 'harnesses the power of voice to open up a slew of new opportunities' for digital influencers, organizations, and individuals seeking to engage with a worldwide audience.
The software is being hailed as the long-awaited answer to "Zoom fatigue", which seized professionals compelled to have virtual meetings due to the pandemic. The disruptive social media network was sure to attract the attention of threat actors trying to profit from the platform's 10 million strong user base.
The Clubhouse information, which is thankfully just made up of customers' mobile phone numbers, has been discovered by cybersecurity specialists. Jiten Jain, a well-known cybersecurity expert, tweeted about the 3.8 million numbers that have been placed up for sale on the dark web. Furthermore, the stolen data included the phone numbers of people in Clubhouse users' phonebooks as a result of syncing technology, according to the Twitter post. The cybercriminal data dump has a high chance of affecting non-Clubhouse members.
According to cybersecurity experts and authorities, the possible cyber intrusion has impacted the phone numbers, voice chat, and photographs of a wide range of celebrities too.
According to previous reports, this isn't the first time Clubhouse has been investigated for possible data privacy violations. Clubhouse was included among the social networking applications that failed to protect users from potential data leaks in a study published by Cyber News in April.
A news website reported, a database of 1.3 million Clubhouse members was discovered on a hacker forum ; the incident occurred only days after threat actors hacked the data of a billion Facebook and LinkedIn users.
User data was allegedly exposed and then posted on the dark web, according to the accusations. User identities, names, usernames, social media handles, account details, and information about user nominators were all included in the data.
The Clubhouse team then denied the accusations as mere hearsay, claiming that the media story was unfounded. The creator of the social audio app went on to say that the data displayed was public profile information that anybody could access through the app.
Similarly, Clubhouse has denied the most recent allegations of a computer security vulnerability. The firm stated that it is committed to using high-security measures to ensure customer privacy and security. The company attributed the appearance of the phone numbers to the activity of numerous bots capable of producing billions of random phone numbers.
According to Clubhouse, due to mathematical coincidence, the app maker's API does not disclose user information when the random numbers match what's accessible on their site.
The Chief Technical Officer and Co-Founder of cyber intelligence firm Hudson Rock, commented on the Clubhouse issue. He dismissed allegations of a purported Clubhouse data leak. He disregarded the data breach since the database included no information other than a list of phone numbers.
Furthermore, Rajshekhar Rajaharia, an independent cyber security expert, questioned the data breach because the database only contained telephone numbers and no names, pictures, or other personal information. The phone numbers, according to the cyber specialist, may be readily created.
It is still unclear weather an actual data-breach took place and to what extent. One thing we know is that cyber-crime has been skyrocketing in recent times and this comes under no surprise. With this said, more information is expected to come out in the near future.