Clubhouse CEO Disputes Report That 1.3 Million Users Accounts Were Breached
The co-founder and chief executive officer (CEO) of Clubhouse, a social media app for iOS that is invite-only at the moment, denies that hackers scraped its SQL database and stole user records of 1.3 million users. In a statement posted to Twitter, Paul Davison, who is also the chief executive officer (CEO) of Clubhouse, said reports to the contrary are "misleading and false."
News of the supposed data leak cropped up over the weekend, with Cyber News reporting that 1.3 million Clubhouse user data records had surfaced on a hacking forum, where the data dump was made available for free. It's said to contain a variety of user profile information, including user IDs, real names and usernames, photo URLs, Twitter and Instagram handles, and more.
In response to the report, Davison said all of the information posted is already available to anyone who has been invited to use the app, as well as via Clubhouse's API. Furthermore, Davison says Clubhouse's database was never hacked.
"This is misleading and false. Clubhouse has not been breached or hacked. The data referred to is all public information from our app, which anyone can access via the app or our API," Davison wrote.
Davison voiced an even stronger denial during a recent town hall, according to The Verge, which quotes him as calling the original report a "clickbait article." But does it come as any consolation that this was not a hack, and that the data is freely available to view?
The CEO's statement hints that emails and passwords were not among the easily accessible data that was posted to a hacking forum. Nevertheless, this kind of information could conceivably be used to construct more personalized phishing attacks, and with a little digging, it would not be all that difficult to obtain a user's email, through the information that is available through linked accounts.
If nothing else, this serves as a reminder to be extra cautious about what information you put out there on the apps and services you use. Speaking of which, this latest development comes on the heels of user data belonging to 533 million Facebook users being posted for free on a hacking forum. The data was actually stolen in August 2019, however it had not been posted for free prior to recently.