ClubHouse could have been hacked, personal data of 1.3 million accounts leaked
First Facebook, then LinkedIn, and now ClubHouse: 1.3 million users’ personal data has allegedly been leaked. What a week for social media!
The figures of hacked social media accounts it continues to grow, although those affected do not seem to be affected too much, because the number of users of these social networks is also growing. It’s no wonder Facebook doesn’t even bother to apologize for the data breach anymore.
In just one week, the personal data of 500 million Facebook users and 533 million LinkedIn users is sold to the highest bidder in cybercriminal forums. And we talk about critical data like names and phone numbers.
The black market for personal data is so oversaturated that they are even being given away. In a well-known hacker forum, a file has appeared to download for free, which supposedly contains personal data of 1.3 million accounts of the fashion social network, ClubHouse.
ClubHouse is a new social network that has attracted attention because it is an audio-only chat: no video, no text.
Although it can only be accessed by invitation and only works on iOS, you already have more than 10 million users. And despite not being an open network, supposedly hackers have managed to hack 1.3 million ClubHouse accounts.
The security web CyberNews has discovered in a well-known hacker forum a file that supposedly contains the personal data of 1.3 million ClubHouse accounts:
They have been examining the contents of the file and, indeed, it is about a database in SQL containing data from more than a million accounts. They cannot confirm that they are ClubHouse accounts, that can only be done by the company itself, which has not yet issued any statement or responded to requests for information from the media.
The data included in the assumption CloudHouse hack they are not critical, since there is data such as telephone numbers or credit cards. But they are worrisome because they can be used to prepare phishing attacks, to impersonate the personality, or to cross them with the data of other hacks and create more accurate profiles of a person.
This is the filtered data:
- User identification code
- Real name
- Profile picture
- Twitter username
- Instagram username
- Number of followers
- Number of people you follow
- Account creation date
- User who invited you to ClubHouse
As we can see, there is data that can be used to create phishing attacks where an email or a message on Twitter or Instagram calls you by your real name and impersonates ClubHouse or another user who knows you at ClubHouse.
Cybercriminals tend to cross data from different hacks to different networks, knowing that most people use the same names and passwords on different social networks, to gain real access or further personalize a phishing attack. So you always have to use different names and passwords in each social network.
As we have commented, at the moment ClubHouse has not responded to this alleged hack.