Clubhouse denies app was hacked as scraped data of 1.3m accounts appears online

Social audio app Clubhouse denies it was hacked and personal data from 1.3 million of its users was stolen.

The company was responding to a report by Cyber News published on 10 April.

Rather, the company says that the data that appeared online is already available to the public.

Despite only being available on iOS devices, Clubhouse has had more than 10 million downloads in its first year.

Clubhouse says the data was scraped, not hacked

According to Cyber News, a database containing personal information from 1.3 million users was published for free on a popular hacker website. The outlet added that no sensitive information such as credit card details was leaked.

The data includes data such as user IDs, names, photos, usernames, account creation dates, and handles for their Twitter and Instagram accounts.

In response to the report, Clubhouse tweeted saying it was misleading and false. The data in question is already publicly available and can be accessed via the app’s API, according to the company.

This is misleading and false. Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API. https://t.co/I1OfPyc0Bo

— Clubhouse (@joinClubhouse) April 11, 2021

On Sunday, Clubhouse CEO Paul Davison also denied the platform had been hacked.

‘Tis the month for leaks

Clubhouse isn’t the first social media platform to suffer a data leak this month.

Last week, it emerged that over 500 million Facebook users had their personal information, including their phone numbers, published on hacker forums. The data included full names, locations, email addresses, and birthdays.

Facebook said the data was scraped from users’ accounts back in 2019 using its app’s Contact Importer feature. It has since made adjustments to the feature to make sure it cannot be used maliciously.

However, Facebook has no plans to notify the affected users. It argues that because the data was public, it cannot tell who was affected or not.

Soon after, hackers put up data scraped from 500 million LinkedIn profiles for sale.

LinkedIn said the data was available publicly and that no data from private user profiles was leaked.

Despite the data in these leaks being public, the scraping and ability to aggregate the data into single documents poses threats to users.

This data can be used for spamming, phishing, and compromising other accounts.

Feature image: Unsplash/Nathana Rebouças

Read more: How to check if your phone number was in the Facebook data leak