Marc Ruef, a Swiss expert on digital security and data protection, said on Twitter that 3.8 billion phone numbers were leaked through the Clubhouse service. The problem affected not only the users of the social network, but also those who are recorded in their contacts.
The incident became known after Mr. Ruef discovered a post published on the darknet by a certain hacker who put the database of numbers up for sale. To confirm the seriousness of his intentions, the cybercriminal published a fragment of the database with 83.5 million phone numbers, this number included only Japanese Clubhouse users. He also clarified that the offer is exclusive; and he is looking for only one buyer for the entire giant database.
In addition to the fact that such a leak can be one of the largest in history, it is worth noting that this time the problem affects not only the users of the service, but also those who did not signup to the social network. During installation and registration, the Clubhouse application requires access to the user’s contacts and in the process monitors the list of contacts in real-time.
Recall that Clubhouse is a social network for voice messages available since the beginning of this year. At first, registration in the service was available only by invitation, and only recently, on July 21, access was open to everyone.
Clubhouse: There has been no data breach
The chat app maker informed that there has been no data breach. The company also said that it continues to invest in industry-leading security practices; as privacy and security are of the utmost importance to Clubhouse.
“There are a series of bots generating billions of random phone numbers,” the company’s spokesperson told IANS.
“In the event that one of these random numbers happens to exist on our platform due to mathematical coincidence; Clubhouse’s API returns no user identifiable information,” it added.
According to independent security researcher Rajshekhar Rajaharia; the data leak claim appears fake as the alleged Clubhouse data contains only mobile numbers without names.
“No names, photos or any other details are available. They can generate the list of phone numbers very easily. The data leak claim appears fake,” Rajaharia told IANS.
The company has now removed its waitlist system so that anyone can join the platform in a hassle-free manner. The company also said that it has added 10 million people to the community; since its launch on Android in mid-May.