1.3 million Clubhouse users have their personal data leaked

For those who have been fast asleep for the last few months, one of the fastest growing apps has been Clubhouse. It is an audio-only chatroom and at the moment it requires an invitation to join. It also is only available for iOS and a version for Android is reportedly months away.

Cybercrooks have used Clubhouse for some of their nefarious schemes including one we told you about yesterday. Fake ads on Facebook attempted to get victims to join the non-existent Clubhouse for PC. Signing up for this fake software resulted in malware being sent to users' devices although the ads have been discontinued.

The latest issue to pop up around Clubhouse is a major leak that exposed 1.3 million scraped user records. The incident occurred a few days after more than one billion user records from Facebook and LinkedIn were offered for sale online. The difference is that the Clubhouse records were leaked for free on a widely read hacker site.

The data that was leaked included a subscriber's User ID, Name, Photo URL, Username, Twitter handle, Instagram handle, Number of followers, Number of people followed by the user, Account creation date and the user profile name used by the person who invited this subscriber. In other words, it is a treasure trove of information for hackers.

Clubhouse has responded by saying that it has not experienced a data breach and that some of the information supposedly leaked has been available for free via the company's API. That alone brings up some questions about the user privacy policy put into place by Clubhouse. Why should there be a need for all of this data to be available (financial information like credit card numbers were not included)?

Cybernews suggests that uses beware of responding to suspicious messages, "phished" texts and emails and connection requests. Create strong passwords and consider the use of a password manager. And use two-factor authorization (2FA) for all of your online accounts.