Personal details like Name, UserID, Photo URL, and more of the other components have reportedly been scraped from Clubhouse.
The Clubhouse is the latest social media platform after Facebook and Linkedin to have been subjected to mass data scraping. Data of over 1.3 million Clubhouse users are now reportedly being sold online. It comes after LinkedIn saw a similar data leak of over two-third of its subscribers and Facebook seeing over 533 million users’ data being sold online.
In Clubhouse, details like Name, UserID, Username, Photo URL, Twitter handle have reportedly been scrapped. Clubhouse official says that the platform hasn’t been breached or hacked, but the dataset that is sold online is available to the public and can be accessed via the app.
CyberNews reported about this new mass dataset being scraped from Clubhouse, leading to exposure of 1.3 million users’ details. The report suggests that these details could lead to targeted phishing, social engineering attacks, or even identity theft in the hand of bad actors. The elements that have been scraped from Clubhouse include Name, User ID, Username, Photo URL, Instagram Handle, Twitter Handle, Number of people followed by the user, Number of followers, invited by user profile name, and account creation date. While the data set does not include sensitive data like legal documents or credit card details, social media details will be enough for a skilled cybercriminal to cause real damage.
Clubhouse, meanwhile, refuses all claims of being breached or hacked, calling the report “misleading and false.” It says on Twitter, “The data referred to is all public profile information from our app, which anyone can access via the app or our API.”
Clubhouse advised their users to change their passwords and use a robust password manager to create unique passwords and use a good password manager to create unique passwords and store them securely. Ensure that you are cautious while opening messages on Clubhouse and accepting connection requests from strangers. Also, enable two-factor authentication (2FA) on all online platforms, wherever available, and share only necessary data on public social media accounts.
LinkedIn was also a victim of a massive data breach last week, wherein data of over 500 million of its users have been scoured from the platform and posted online for sale. The dataset includes sensitive information like Phone Numbers, Workplace Information, Email Addresses, Account IDs, Full Names, links to their gender details, and social media accounts. Facebook also faced a similar leak in which data of over 500 million users was leaked.