Clubhouse CEO Paul Davison has denied reports that personal data of 1.3 million users was leaked via the app. The CEO made the remarks during a townhall on the iOS-only audio chat app in response to a question from a user. According to a report on The Verge, Davison was quoted as saying that the article by CyberNews, which reported the leak, was “misleading and false”. He called it a clickbait article, adding that the app was not hacked.
On Twitter too, the official Clubhouse handle had issued a similar response to the article on a tweet by TechMeme. The tweet had said, “This is misleading and false. Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API.”
According to CyberNews, an SQL database containing 1.3 million scraped Clubhouse user records were leaked for free on a popular hacker forum. The report added that that the leaked data, included a lot of information such as user ID and name on Clubhouse, along with the Photo URL, the username being used, Twitter and Instagram handles, number of followers, number of people being followed. The leak also includes account creation data and whether “invited by user profile name.”
Clubhouse is currently invite only and a user can join after they get an invite from someone who is already on the app. The app also lets users link their Twitter and Instagram handles to the app, which would explain why this data has also leaked.
While Clubhouse says this is all publicly available data which has been scraped, as CyberNews notes, this does raise some privacy questions around the app and how it is handling its APIs.
CyberNews earlier reported about how LinkedIn data of 500 million users was scraped and being sold on the darknet. LinkedIn. The data information included names, email addresses, phone numbers, workplace information, etc, according to the report.
Earlier this month, it was reported that Facebook data of 533 million which was scraped back in 2019, was also available for sale on the darknet. The data leak is believed to have impacted 6 million Indians, according to reports. Both Facebook and LinkedIn have been quick to insist that the data leaks are based from scraping and not due to any data breach or hacking of their systems.