In a forum in the Darknet, an anonymous user is committed to own a complete set of all telephone numbers from the address birds of Clubhouse users and sell it to a highest bidder. Clubhouse is a special social media service for audio chat rooms. Allegedly, it should be 3.8 billion phone numbers: those of the users of the Clubhouse app as well as all their address book contacts that the app generously not installed at all. But the thing is doubtful and the company Clubhouse has already denied a leaf. The Swiss Security specialist Marc Ruef first reported on Twitter.
Leaker criticizes data collection and hopes for DSGVO
Ruef displays a screenshot of a Darknet forum post in which a user with the immodest name "God" (God) adapted his leak. The allegedly captured 3.8 billion telephone numbers should be mobile and landline numbers of private individuals and "professional" represent. The source is one "Secret database", The Clubhouse "Real time" Update as soon as in the address book of a Clubhouse user a new contact praise. The phone numbers are provided with a score: the Oopter a telephone number in the database detection, the high the value.
The forest user "God" Knowledge in his posting, the record in a private auction on 4. September auction. He will only sell exclusively to a single person and this muse "serious" to be interested in. In fact, the Clubhouse app uses app users to access the phone numbers of people who do not use the service (as doing some messenger services). Has on this procedure "God" A clear criticism: Clubhouse and the coarse digital corporations Google, Apple, Facebook and Amazon gathered and recycled data collected uninvolved users, which violates human rights for protection of privacy. Actually, the EU Data Protection Regulation (English GDPR) must punish companies for these practices – now it is time to observe whether the Regulation Clubhouse actually meet.
Sample data set worthless, Clubhouse denies attack
The Darknet user publishes an example of his collection with 83 million phone numbers from Japan. This sample record has looked more closer to several specialists for IT-Security and come to a devastating verdict: because the sentence contains nothing but unconnected telephone numbers without any further indication of the user identity, it’s nothing worth – and the whole thing is no longer a dizziness. Such a collection of numbers can be used to create just as well by script with random values or compiled from public telephone number directories. Even if there are 3.8 billion phonometers of phone numbers, leave this data collection as well as nothing read out. The moderation in the Darknet forum already has the posting with the hint "Bad Sample" Provided – the sample data are nothing.
The company behind Clubhouse has already looked at the alleged leak and demonstrated an attack on his systems. "There was no data leak at Clubhouse", it is called in an opinion of the company that is our site. "There are a number of bots generating billions of random phone numbers. For the case that one of these random numbers exists due to a mathematical random on our platform, the API of Clubhouse does not give user-identifiable information. Privacy and security are of major importance for Clubhouse and continue to invest in industry-carrying security practices. Clubhouse does not use cookies and does not sell personal data to third parties."
Clubhouse: short hype, lack of privacy and serious leak
The still relatively new app Clubhouse had received rough attention at the beginning of the coronavirus pandemic. It offers live podcasts, originally only with charged participants. Currently about ten million users are registered. First, the Clubhouse app only existed for iOS, meanwhile the Android app has left the test phase. In addition, you do not have to hope for an invitation to an audio chat through a registered user, with the end of the beta test, Clubhouse for all users open.
The service had drawn from the beginning of criticism: for lack of privacy, lack of moderation and because of a missing imprems on the website. Much more serious than the current incident was also a real leak of user data from April of this year: 1.3 million user data from Clubhouse appeared in a forum, including real and profile names and connections to Instagram and Twitter accounts.