Reported that 1.3 million personal information was leaked from voice SNS 'Clubhouse', Clubhouse CEO denied report as 'data released from the beginning'



Regarding Clubhouse , an invitation-only voice SNS application for iOS, it has been reported that '1.3 million personal information including user IDs and names have been leaked.' On the other hand, the Clubhouse side denied the report, saying that 'the data that was allegedly leaked was originally published data.'

Clubhouse data leak: 1.3 million scraped user records leaked online for free | CyberNews
https://cybernews.com/security/clubhouse-data-leak-1-3-million-user-records-leaked-for-free-online/

Clubhouse CEO says user data was not leaked, contrary to reports --The Verge
https://www.theverge.com/2021/4/11/22378302/personal-information-1-million-clubhouse-users-leaked-privacy-security

Data of more than 1 million Clubhouse users leaked online: Report | HT Tech
https://tech.hindustantimes.com/tech/news/data-of-more-than-1-million-clubhouse-users-leaked-online-report-71618109381850.html

On April 10, 2021, the IT news site CyberNews reported that 'a SQL database containing 1.3 million data extracted from Clubhouse was released for free.' The data extracted from Clubhouse reportedly includes user IDs, names, photo URLs, usernames, Twitter and Instagram IDs, followers, followers, account creation dates, and profile names of invited users. It is said that information such as was included.



Clubhouse, on the other hand, told Twitter: 'This is a misleading and false statement. Clubhouse has not been compromised or hacked. The data mentioned here is the profile information published on the app. , Everyone can access it from the app through the API. '



In addition, 'even Paul Deibison CEO of the Clubhouse to the overseas media · The Verge (reports that data from the Clubhouse has been spill) is an article that was accidentally misleading, click bait this was a true article .Clubhouse has been hacked Not that, the allegedly leaked data is also the profile information published in our app, so the answer to the question of whether the data was leaked from Clubhouse is clearly 'no'. ' did.

In response to this Clubhouse explanation, CyberNews said, 'Sure, the leaked SQL database did not contain sensitive data such as credit card information or legal documents. However, the public profile Even if it's information, the privacy stance of Clubhouse, which allows anyone to collect information on a large scale, remains questionable. ' He said that there is a risk of hacking that combines data leaked from Clubhouse with data of other SNS such as Twitter, and brute force attacks that randomly attack with leaked ID and password.

On Twitter, 'I can only think that someone used Clubhouse's private API to search for user IDs in order from 1 and extract the data. From a technical point of view, I see nothing. It can be said that there is no place to go. '



An opinion was posted saying, 'Just because the API data has been released does not mean that it does not infringe on privacy.'

in Software,   Web Service,   Security, Posted by log1l_ks