The data of 1.3 million Clubhouse users leaked online. Should I be worried?

There is no personal or confidential data in the leak, but this information can be used for phishing attacks and password guessing.


It was the worst week for social platforms, which faced massive user data breaches. First, the Facebook and LinkedIn databases were leaked to the Internet, and now Clubhouse has suffered a similar fate. Several media outlets announced that a database of 1.3 million Clubhouse users with various information was posted on one of the hacker forums.

What information does the leak contain?

As it became known, all data was obtained by parsing social network profiles and, in fact, is open information that can be easily obtained through the API. It turns out that there is no need to panic, but it is still worth taking precautions.

Pasted 15

The database contains usernames and IDs, profile photos, account creation dates, number of subscribers and subscriptions, IDs of inviting users, information about linking Twitter and Instagram accounts.

What can this affect

There are two options for how cybercriminals can use data from leaked files against Clubhouse users. The first is to carry out spear phishing or other types of social engineering attacks. The second is related to the selection of passwords for Clubhouse accounts. The leak does not contain confidential data, but there are links to user profiles on other social networks, and this may be enough for a more or less competent attacker to create a real threat.

Pasted 16

For example, you can combine information found in this breach with other data breaches to create detailed profiles of potential victims. With this information, attackers can launch more serious attacks or steal personal data.

What needs to be done

First, it is advisable to check if the email address has been compromised, this can be done on Have I Been Pwned or CyberNews . You should beware of suspicious messages in the Clubhouse and connection requests from strangers, as well as not following links. Be sure to change the password for your account and enable two-factor authentication. It is better to use password managers for these purposes.

All TechWeek writers are indepentent and from many different countries. Some english misspelling and grammar mistakes may occur. Report article.

We are experiencing some technical difficulties. Some articles and reviews are missing sources.

Tech Week