It was the worst week for social platforms, which faced massive user data breaches. First, the Facebook and LinkedIn databases were leaked to the Internet, and now Clubhouse has suffered a similar fate. Several media outlets announced that a database of 1.3 million Clubhouse users with various information was posted on one of the hacker forums.
What information does the leak contain?
As it became known, all data was obtained by parsing social network profiles and, in fact, is open information that can be easily obtained through the API. It turns out that there is no need to panic, but it is still worth taking precautions.
The database contains usernames and IDs, profile photos, account creation dates, number of subscribers and subscriptions, IDs of inviting users, information about linking Twitter and Instagram accounts.
What can this affect
There are two options for how cybercriminals can use data from leaked files against Clubhouse users. The first is to carry out spear phishing or other types of social engineering attacks. The second is related to the selection of passwords for Clubhouse accounts. The leak does not contain confidential data, but there are links to user profiles on other social networks, and this may be enough for a more or less competent attacker to create a real threat.
For example, you can combine information found in this breach with other data breaches to create detailed profiles of potential victims. With this information, attackers can launch more serious attacks or steal personal data.
What needs to be done
First, it is advisable to check if the email address has been compromised, this can be done on Have I Been Pwned or CyberNews . You should beware of suspicious messages in the Clubhouse and connection requests from strangers, as well as not following links. Be sure to change the password for your account and enable two-factor authentication. It is better to use password managers for these purposes.