Clubhouse leaked data trove including phone numbers isn’t as bad as it sounds

The social audio app has denied that it was breached in July, saying its network was merely scraped by a bot.

Clubhouse Drop-in audio chat app logo on the App Store is seen displayed on a phone screen in this i...
NurPhoto/NurPhoto/Getty Images

More than 3.8 billion pieces of data from Clubhouse are up for sale on the dark web, according to a news report by the outlet CyberNews. But it’s not the type of valuable leak that it might sound like.

The social audio app made headlines back in July when news came out that data from the network had appeared on hacker forums. At the time, CEO Paul Davidson said that the app wasn’t hacked but rather someone had used a bot to crawl its API and collect public information on every user in its database. But now, CyberNews has published a story saying that the trove of data being sold includes not just usernames and emails, but also private phone numbers.

Social hacks — That would suggest that Clubhouse really was hacked, but it isn’t so. The company told Input in a statement that the phone numbers, which aren’t associated with a particular account in the leaked database, were generated by a series of bots. The “hackers” would submit those numbers to a Clubhouse API and if the number was in Clubhouse’s system, it would return a number indicating how many contacts that phone number is connected with the app. It’s akin to robocalling all possible numbers and logging the ones that pick up. No user-identifiable data is returned.

It’s worth keeping in mind that CyberNews earlier reported on a so-called hack of LinkedIn that concerned data that was actually readily available on users’ public profiles. Though, data from Clubhouse like email addresses could theoretically be used in phishing attempts. Be careful responding to any emails you receive from the company, especially if it prompts you to log into your account.

Still, the data doesn’t seem terribly valuable unless phone numbers were associated with a particular account, which doesn’t appear to be the case. The dark forum poster is asking $100,000 for the data, though also suggests they’ll sell portions for less.

Social audio — Clubhouse exploded during the pandemic as people looked to connect from a distance. The app allows people to host audio chatrooms where people can come and go. Many of the conversations are fireside-style chats, but there have also been gameshows and other freewheeling-type discussions that have taken place in the app. Clubhouse is facing waning demand, though, as vaccination rates climb along with in-person events, and competition from major platforms like Twitter doesn’t help.

Clubhouse yesterday launched a new, more intimate feature called “Wave” which allows users to wave at their friends to invite them into a private hangout room. That could expand its use cases beyond public discussions where there’s more pressure to be entertaining.