I swear it was only yesterday that everyone and their granny was battling it out to gain an invite to the Clubhouse app. However, according to reports, Clubhouse has experienced a data breach.
And even if you haven’t formed a Clubhouse account yet, there’s a good chance that your phone number has been exposed.
For those of you who are unfamiliar with Clubhouse, it is a live audio-chatting application that allows users to establish rooms and communicate in real time (think of voice-based Yahoo Chat Rooms). And Clubhouse was able to generate a lot of interest by playing hard to get — initially restricting access to iPhone users to those who had received an invitation exclusively, before opening its doors to Android users more recently.
Clubhouse has also been accused of a database breach by a few security researchers on Twitter, with at least phone numbers of its members (and possibly more) being made available for sale on the Darknet, a shadowy underbelly of the Internet that is concealed from the majority of web surfers.
The mysterious seller of the alleged Clubhouse database claims “Clubhouse is connected to all their users’ phonebooks”. Each time you add a phone number in your contacts list, “the phone number is automatically added into the secret database of Clubhouse” the post further claims.
3.8 billion phone numbers of people who haven’t yet joined up for Clubhouse could be included in the allegedly breached database since their phone number is in the phonebook of a Clubhouse user, a situation that has been described as “horrific.” For the time being, at least, such is the allegation.
The clubhouse hasn’t said anything as of yet.
For the time being, let us just remark that we haven’t had an opportunity to check over the supposed Clubhouse database. A quick check on Have I Been Pwned — a service that records hacked email addresses and phone numbers across publicly available data breach lists — revealed that the Clubhouse attack had not yet been reported to the authorities.
Of course, no official statement has been issued by Clubhouse on the suspected data breach as of yet. Accusations that personal data of 1.3 million Clubhouse customers had been exposed through the app were rejected by Clubhouse CEO Paul Davison in April 2021, calling the reports "false and deceptive."