Recent reports claim that the user data of 1.3 million Clubhouse app users have been posted to hacker forums, but Clubhouse CEO Paul Davidson alleges that the app was not hacked and this information is publicly available.
Sky News reports that Paul Davidson, the CEO of the audio social media app Clubhouse, has denied that the firm was hacked following reports that the data of 1.3 million users were posted to hacker forums across the internet.
A SQL database file containing the personal data of 1.3 million Clubhouse users was reportedly posted recently on a hacker forum. The database included users' names, IDs, photo URLs, follower counts, Twitter and Instagram names, account creation dates, and the profile information of the other Clubhouse user who invited them to the app.
Clubhouse has denied that any information was hacked and said that the data collected is publicly available via the app or the Clubhouse API.
This is misleading and false. Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API. https://t.co/I1OfPyc0Bo
— Clubhouse (@joinClubhouse) April 11, 2021
Clubhouse CEO Paul Davidson stated in a town hall meeting: “No. This is misleading and false. It’s a clickbait article, we were not hacked. The data referred to was all public profile information from our app. So the answer to that is a definitive no.”
However, the firm is still facing investigations from privacy regulators, particularly in the European Union and the United Kingdom, where data protection laws require social media firms to protect user data from being scraped.
Setu Kulkarni, vice president with WhiteHat Security, told Threatpost: “Clubhouse has conflicting user policies – being an invite-only platform and at the same time free-for-all user data. All it takes is one user to figure out the API for such large data egress of the millions of users on the platform.”
CyberNews researcher Mantas Sasnauskas analyzed the Clubhouse data and noted that the bug that allowed people to scrape user information is built into the platform itself. “The way the Clubhouse app is built lets anyone with a token, or via an API, to query the entire body of public Clubhouse user profile information, and it seems that token does not expire,” Sasnauskas said.
Read more at Threatpost here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.