Clubhouse user data is exposed, and the CEO claims it was not a leak

Clubhouse made headlines around the world for another week, but this time with controversial news. Personal data of 1.3 million users of the audio-based social network was exposed on a popular hacker forum, but the company does not agree that it was a leak.

As reported by CyberNews, someone posted a database last week with data from 1.3 million Clubhouse users. This database contains information such as user ID, name, photo, social network profiles and other profile details.

Clubhouse CEO Paul Davison immediately argued that the articles on the exposed data were “misleading and false”, claiming that all of this data was already public to Clubhouse users (The Verge). After that, the official Clubhouse profile on Twitter shared a statement reinforcing that the data in the exposed database could be accessed by any developer through the app’s API.

This is misleading and false. Clubhouse was not trampled or hacked. The data referred to is all public profile information from our app, accessible to anyone via the app or our API.

Yet it has raised privacy concerns about the app. As the privacy of user data becomes more important every day, the fact that anyone can download a database with a list of all users of a social network is questionable.

CyberNews security researcher Mantas Sasnauskas argues that Clubhouse needs to rethink how its API works to limit the amount of data developers can get. Although the exposed database contains only public information, it can lead to “phishing and social engineering attacks.”

The way the Clubhouse app is built lets everyone inquire about all the public information in a Clubhouse user profile with a token or via an API, and it looks like the token does not expire. This should not only be reflected in the ToS, but also in the technical implementation of the app, which makes it more difficult for anyone to scrape user data. If you do not take precautionary measures, it could be a privacy issue.

In particular, determined attackers can combine information found in the leaked SQL database with other data breaches to create detailed profiles of their potential victims. With such information in hand, they can mount much more convincing phishing and social engineering attacks or even commit identity theft against the people whose information has been exposed on the hacker forum.

Last week it was reported that Twitter was considering acquiring Clubhouse for $4 billion, but the discussions were later stopped. Now Clubhouse is looking for other investors, while competition grows with companies like Facebook and Twitter operating on their own audio platforms.
