Powered by SaaS Industry
At a Glance
Over a million users’ data on the audio networking platform Clubhouse were leaked from its SQL database for free on a popular hacker platform, as per reports. Though Clubhouse has denied any such data leakage, the news has spurred opinions on social media.
This is misleading and false. Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API. https://t.co/I1OfPyc0Bo— Clubhouse (@joinClubhouse) April 11, 2021
It is to be noted that earlier this year, in January, phone numbers of nearly 500 million users from 106 countries were put up for sale via Telegram bot. Facebook, however, has been prone to controversies and data leaks in recent years. In 2019, over 400 million users’ phone numbers were found floating on an unprotected server.
More recently, in April this year, the January data leak from Facebook was substantiated with data highlighting more than just phone number leaks that include email ids, full names, locations, birthdays, etc.; all put out for sale by hackers.
All 533,000,000 Facebook records were just leaked for free.— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
With respect to Clubhouse, reports state that a variety of user-related information was leaked, such as one’s user credentials, name, photo URL, number of followers, and other social media handle details- Instagram and Twitter.
The data leaked against the counter by Clubhouse can pose serious ramifications for a user. Targeted phishing attacks can trigger a wide range of problems.
Even though “deeply-sensitive financial data of a user such as a bank account credentials were not leaked, even with trivial information like profile names, shall suffice for a proficient cybercriminal to cause significant damage.
Creating detailed information on a user based on the available leaked information, it is possible for hackers to engage in phishing and social engineering attacks by manipulating people to reveal critical information. They can also lead to identity theft.
While concerns around privacy swirl around, reports have also, in addition to breaking news, suggested methods to keep a check on users’ personal information by suggesting best practices like strengthening passwords via password managers and also enabling two-factor authentication.
A data leak checker that allows people to know if their data were leaked was also enabled.
Further developments on the issue are closely watched.