At the beginning of 2021, there was a huge hype about the social media app Clubhouse. Now the hangover mood is the order of the day: 3.8 billion phone numbers ended up on the Darknet after a data leak.
At the beginning of 2021, it was probably the most hyped app in the App Store: the Clubhouse social media platform enabled communication in virtual rooms in which you can join in the discussion or simply listen. The app works like a mixture of a YouTube talk show and a Twitter thread to listen to. The special thing about it: Everyone could download the app. In order to actually use it, an invitation from another user of Clubhouse was required.
The clubhouse hype flattened out after a few weeks. There were more and more voices that gave the American app a miserable testimony in terms of data protection. Clubhouse is “hungry for data” and sends the data collected from its users to data analysis companies in the USA, among other things. “The provider records all statements and in many cases transfers address book entries from the user’s cell phone to company servers, where they can be used for marketing and advertising purposes,” criticized the German Stiftung Warentest.
Bad surprise for non-users
Now it turns out: The data protection problems at Clubhouse are probably even bigger than expected. Believe it or not, 3.8 billion phone numbers are currently being offered on the Darknet, all of which are said to have come from a data leak at Clubhouse. About it reports about “Business Insider”, but also the Swiss cybersecurity expert Marc Ruef on Twitter.
“Anyone who thinks that this is none of their business because you haven’t followed the clubhouse trend, could be in for a nasty surprise.”
Anyone who thinks that this is none of their business because you haven’t followed the clubhouse trend could be in for a nasty surprise. Because among the 3.8 billion numbers there are also those from people who have never had anything to do with the app. This is because the hackers were able to access the clubhouse users’ contact lists via the leak. This is what the digital journalist Adrienne Fichter says, also on Twitter.
The proven IT expert Hernâni Marques from the Chaos Computer Club Switzerland retweeted the original report about the data leak:
@GovCERT_CH: Can you please assess the risk for the Swiss population, including state agencies? Thanks!— Hernâni Marques 🦖 @[email protected] (@vecirex) July 24, 2021
/@swisscom_csirt et al.
The data is to be auctioned on September 4th in a private auction via Darknet. Clubhouse had to grapple with a data breach in April; At that time, the user data of 1.3 million clubhouse users became public. Clubhouse CEO Paul Davison described the reports of a hack as “misleading and false”. Clubhouse has not yet taken a position on the latest, presumably much larger, data scandal.