29th July 2021, Kathmandu
Threat actor put 3.8 B phone numbers on sale from clubhouse database on the darknet. On a cyber site, a threat actor has been selling Clubhouse’s sensitive database of 3.8 billion phone numbers. The organization “saves/steals each user’s phonebook” in a secret database, according to the threat actor.
The details revealed included Clubhouse user IDs, names, usernames, Twitter handles, Instagram handles, number of followers, number of people followed by the users, account creation date, and invited by user profile names. There was no financial information exposed in the data incident.
The threat actor shared a link to a sample of the database’s contents, which included the phone numbers of 83.5 million Japanese customers. In April 2021, Cyber News researchers discovered that the personal information of 1.3 million Clubhouse users had been leaked online.
“There are a series of bots creating billions of random phone numbers,” Clubhouse said in a statement to news agency IANS, denying the allegations. “In the event that one of these random numbers happens to exist on our platform owing to mathematical coincidence, Clubhouse’s API gives no user-identifying information,” the business said in reaction to the supposed “secret database of Clubhouse.”
According to the hacker selling the database, Clubhouse uses a scoring system to rate numbers. The higher the score, the more frequently a number is found on the consumers’ handsets. Clubhouse aims to figure out how much networking private individuals and businesses do. The information might be resold to ad agencies and research firms.
A number of experts have weighed in on the subject, refuting the hacker’s claims. A list of phone numbers, such as the one in this case, could be easily created, according to security researcher Rajshekhar Rajaharia, and the data breach claim looks to be bogus. Another researcher, Sunny Nehra, pointed out that the threat actor is new to the forum and is the least engaged.
“Clubhouse appears to be next after stolen data from over a billion Facebook and LinkedIn profiles was put up for sale online a few days ago. An SQL database with 1.3 million scraped Clubhouse user records was made available for free on a major hacker website, implying that the upstart platform has met the same fate “The case was covered by CyberNews.
However, in several European nations, data collecting from those who have not given their agreement to the service is illegal. The General Data Protection Regulation (GDPR) aims to prohibit personal data from being collected from people who do not utilize a service. If European users are included in the database leak, Clubhouse could face a hefty fine from the EU.
The clubhouse is social audio software for iOS and Android that allows users to participate in voice chat rooms with tens of thousands of people. On the audio-only app, live talks are hosted, and users can participate by speaking and listening. According to Clubhouse rules, conversations may not be recorded, transcribed, reproduced, or circulated without prior approval.
