Where did these 1.3 million pieces of data come from?

Clubhouse: Facebook, LinkeDin, now Clubhouse… We have a (sad) month of record for massive hacks. As if the insane number of 533 million Facebook accounts and another 500 on Linkedin were not enough, now we find what seems like another security breach that has occurred in a social network as new as it is desired: Clubhouse.

Clubhouse security breach

A few days ago, the Cybernews site announced that in a hacker forum there was an SQL database containing the data of 1.3 million Clubhouse users, the viral application of the moment with such restricted access that very few users You can join it right now – it’s only for iOS, and it works exclusively by invitation.

The worst thing is that those 1.3 million records were shared for free with anyone who had access to that forum, so anyone can have:

– 1.3 million user identifiers

– 1.3 million registration dates

– 1.3 million usernames

– 1.3 million identifiers on networks such as Twitter and Instagram

– 1.3 million profile names of those who have invited other users to join Clubhouse

Fortunately, in its analysis of the database, Cybernews has ruled out that it includes information considered sensitive, such as details of credit cards or legal documents. And also, the Clubhouse itself rules out that it has been hacked.

It is public information

The database is real, and it has been verified that it exists, but Clubhouse has denied that it is a security breach in its system or that it is due to a ‘hack’, but that the data it contains “comes from the information application profiles public, which anyone can access both through the application itself and the application programming interface (API) ”.

Cybernews agrees with this, but has taken the opportunity to review that it questions the privacy of the Clubhouse API, for “allowing anyone to collect public information from the profile in bulk.” They point out that the information found in the hacker forum can lead to Phishing-type attacks – impersonation of a legitimate source to deceive the user – or other types of social engineering attacks.

0

LEAVE A REPLY

Please enter your comment!
Please enter your name here