On April 10, Clubhouse posted a statement on Twitter debunking the fast-spreading news: “This is misleading and false. Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API.”
What is Clubhouse and how it is changing social platforms for the betterClubhouse data spill — privacy breach on invite-only app raises concernsLaptops with the longest battery life in 2021
Clubhouse CEO debunks Clubhouse data breach reports
In late February, Clubhouse confirmed that it had a data spill. However, it’s not what you’re thinking. A malicious hacker didn’t exploit a Clubhouse vulnerability and expose users’ private information. Instead, a Clubhouse member was caught streaming private conversations from the app, which is a violation of the app’s terms of service. This wasn’t the first time this happened; you could find Elon Musk’s Clubhouse interview online as well as other leaked audio snippets. With concerns about whether Clubhouse can effectively silo its private audio sessions, the last thing the voice-based social network needs is a data breach. On Saturday, Cyber News reported Clubhouse fell victim to hacking; the news outlet claimed records from 1.3 million users got leaked. According to Clubhouse’s CEO, the data leak reports are bogus. According to The Verge, during a town hall over the weekend, Davidson said, “No, this is misleading and false. It is a clickbait article. We were not hacked. The data referred to was all public profile information from our app. So the answer to that is a definitive ‘no.’” Cyber News claimed a hacker posted Clubhouse’s SQL database on a leak-sharing forum. It contains users’ photo URL, user ID, name, username, Twitter handle, Instagram handle, number of followers, number of people followed by the user and account creation date. Cyber News updated its article after a Clubhouse tweet called it out for publishing “misleading and false” information, admitting the “breach” doesn’t contain sensitive data such as credit card details nor legal documents. However, the Cyber News team still believes the scrape is a cause for concern: “With such information in hand, [hackers] can stage much more convincing phishing and social engineering attacks, or even commit identity theft against the people whose information has been exposed.” While I understand Cyber News’ point, calling the SQL database retrieval a breach implies confidential and protected information was exposed, however, as Davidson pointed out, all of the information that was collected is already publicly available. “Data scrape” is a more fitting term. Clubhouse did not immediately reply to a request for more information.