A cybercriminal announced on a dark web forum the sale of 1.3 million allegedly leaked records for the Clubhouse app. The information consists of publicly available and non-confidential data, such as passwords, the company said. The so-called leak may, in fact, only be a fragment of information available and open to the public and captured by a scraping robot. Clubhouse CEO Paul Davison said today that the leak claim was “false”.
The “leaked” data would be as follows:
- User ID
- Photo URL
- Twitter identifier
- Instagram identifier
- Number of followers
- Number of people followed by the user
- Account creation date
- Invited by (user profile name)
None of the information is private or confidential. All information is publicly available. The method used to obtain the information does not appear to have been due to a security lapse. According to security researcher Jane Manchun Wong, this appears to be a relatively simple download of publicly available information.
Davison sent an email to “The Verge” saying: “No, this is misleading and false (…) we were not hacked. The data referred to was all public profile information for our application. Therefore, the answer is a definite ‘no’.
Clubhouse is an invite-only social media app, launched in March 2020, has become a popular platform and has attracted millions of users. Its audio community allows users to tune in to conversations, or “rooms” on various topics. The company is reportedly in talks for a financing round that could raise its value to $ 4 billion.
With international news agencies
See the original post at: https://www.cisoadvisor.com.br/vazamento-noticiado-do-clubhouse-na-verdade-e-um-data-scraping/?rand=59039