Clubhouse, the voice-based chat app, has denied allegations of a data breach that started doing rounds on the internet last week. The clarification came after a cybersecurity expert claimed that a database of 3.8 billion phone numbers purportedly belonging to Clubhouse users is up for sale on the Dark web. In a tweet, expert Jiten Jain had also attached a screenshot from the hacker who claims that the database includes users’ cellphone, fixed, private, and professional phone numbers. The screenshot further notes that “Clubhouse is connected in real time to all their users’ phonebooks meaning each time you add a new phone number in your phonebook, the number is automatically added into the secret database of Clubhouse. " The hacker claimed that the data is valued at $3 billion, that also includes numbers of “most influential" people in the world. The allegations came days after Clubhouse dropped its invite-only status and opened the platform to all users.
In a statement to news agency IANS, Clubhouse denied these claims and said, “there are a series of bots generating billions of random phone numbers." Speaking over the alleged “secret database of Clubhouse," the company clarified saying, “in the event that one of these random numbers happens to exist on our platform due to mathematical coincidence, Clubhouse’s API returns no user identifiable information." Jain has not yet responded to Clubhouse’s counter after his initial tweet over the so-called data breach.
Notably, several experts have also weighed in on the issue, rubbishing the hacker’s claims. Security researcher Rajshekhar Rajaharia told the news agency this list of phone numbers, like in this case, can be generated very easily, and the data leak claim appears fake. Another researcher Sunny Nehra noted that the threat actor is quite new on that forum, is least active, and habitual to making such “lame claims." Earlier in April, Clubhouse denied another breach allegation after a report claimed that a database containing 1.3 million scraped records of the platform’s users were posted on a popular hacker forum.
And this one even more lame. Just providing a random japan numbers list ♂️ as a sample.
— Sunny Nehra (@sunnynehrabro) July 24, 2021
Overall, Clubhouse users do not need to worry about their data at the moment; however, it is imperative to follow recommended cybersecurity practices. While you can check whether your data is compromised via sites like Have I Been Pwned, it is crucial to keep strong passwords. Users must also keep updating passwords and add two-factor authentication wherever is possible.