U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Personal data of 1.3 million Clubhouse users leaked online

An SQL database containing the personal data of 1.3 million Clubhouse users was leaked online for free, a few days after LinkedIn and Facebook suffered similar leaks. Researchers from Cyber News have discovered that the personal data of 1.3 million Clubhouse users was leaked online days after LinkedIn and Facebook also suffered data leaks. The […]

Clubhouse

An SQL database containing the personal data of 1.3 million Clubhouse users was leaked online for free, a few days after LinkedIn and Facebook suffered similar leaks.

Researchers from Cyber News have discovered that the personal data of 1.3 million Clubhouse users was leaked online days after LinkedIn and Facebook also suffered data leaks.

The experts found an ad on a hacker forum offering for free a SQL database containing 1.3 million scraped Clubhouse user records.

“Days after scraped data from more than a billion Facebook and LinkedIn profiles, collectively speaking, was put for sale online, it looks like now it’s Clubhouse’s turn. The upstart platform seems to have experienced the same fate, with an SQL database containing 1.3 million scraped Clubhouse user records leaked for free on a popular hacker forum.” reported CyberNews.

Clubhouse
Source CyberNews

The leaked records include Clubhouse user IDs, names, usernames, Twitter handles, Instagram handles, number of followers, number of people followed by the users, accounts’ creation date, and invited by user profile names. Financial data was not included in the data leak.,photo URLs

The experts reported their findings to the company, but at the time of this writing, Clubhouse has yet to confirm the authenticity of the exposed data.

Leak data could be abused by threat actors to carry out malicious activities, such as phishing/spear-phishing attacks, identity theft, and scams.

“The leaked SQL database only contains Clubhouse profile information – we did not find any deeply sensitive data like credit card details or legal documents in the archive posted by the threat actor. With that said, even a profile name, with connections to the user’s other social media profiles identified and established, can be enough for a competent cybercriminal to cause real damage.” continues the experts.

In February, an attacker demonstrated that Clubhouse chats are not secure, he was able to siphon audio feeds from “multiple rooms” into its own website.

Clubhouse is an invite-only social media app launched in March 2020 that allows its users to participate in audio conversations, or “rooms,” talking about various topics. The app is becoming even more popular, analysts evaluated the value of the company at some billions.

Clubhouse users should follow these simple recommendations:

  • Watch out for suspicious Clubhouse messages and connection requests from strangers.
  • Be vigilant on potential phishing messages that ask you to provide information.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Clubhouse)

[adrotate banner=”5″]

[adrotate banner=”13″]