Clubhouse denies report of data leak affecting 1.3 million users
Social media company says that the data referred to is all public profile information that can be accessed via their app or API
Audio-based social media app Clubhouse stated on Sunday that the media reports claiming data leak of its 1.3 million users are misleading and false.
In a brief message on Twitter, the company said that its database "has not been breached or hacked".
"The data referred to is all public profile information from our app, which anyone can access via the app or our API," the company said.
Asked at a recent town hall about the data leak, Paul Davison, the CEO of Clubhouse, said that there was no leak of personal user data, and that the answer to that question is "a definitive 'no'".
"This is misleading and false, it is a clickbait article, we were not hacked," he said, according to The Verge.
On Saturday, CyberNews reported that an SQL database containing 1.3 million scraped Clubhouse user records had leaked for free on a popular hacker forum.
The details leaked on the forum included user names, IDs, Photo URL, account creation date, Instagram and Twitter handles and follower counts, and the number of people followed by the user.
CyberNews noted that the leaked SQL database seemed to contain only Clubhouse profile information, and no highly sensitive data such as legal documents or credit card details were found in the archive posted by the hacker.
However, the report warned that the threat actors could use the exposed data to carry out targeted phishing or other types of social engineering attacks against Clubhouse users.
Clubhouse is increasingly becoming popular, despite being an invite-only app that is currently available only on iOS devices. The app has seen over 10 million downloads since launch, and its popularly has also prompted other social media platforms including Twitter, Facebook, Spotify and Discord to introduce their own versions of audio-based social networking service.
The news of Clubhouse's reported data leak came just a couple of days after it was discovered that personal details of millions of LinkedIn users' were allegedly posted on a popular hacking forum.
CyberNews claimed last week that a data archive apparently scraped from 500 million LinkedIn profiles had been put up for sale online. To prove that the data is legitimate, the poster also included nearly 2 million records as a sample, which forum members could view for $2 worth of forum credits.
The hacker who posted the data was reportedly asking for a minimum "four-digit" sum for access to the full 500 million-user database.
LinkedIn said that it was not a data breach but "an aggregation of data from a number of websites and companies".
The company said that no private member account data from LinkedIn was included in the leaked data.
Prior to that, the personal details of more than 533 million Facebook users from 106 countries were also reported to have leaked online.
A Facebook spokesperson told Reuters that the company had no plans to notify over half a billion users as the company was not confident that it had full visibility on which users would need to be informed.
The spokesperson said that Facebook also took into account that "data was publicly available" and it was not possible for users to fix the issue at their end.