1.3 million Clubhouse accounts had their public data scraped and it was available online for free
Clubhouse notes that “anyone” could get this data.
First reported by CyberNews, 1.3 million Clubhouse accounts had user IDs, names, photo URLs, usernames, Twitter handles, Instagram handles, and more scraped and compiled into an SQL database. Thankfully, it seems all of the data that was scraped was publicly available, but still, having large data sets of information can help bad actors tie that information to other, possibly less-public information.
Clubhouse has released a statement acknowledging the scrape but is minimizing its importance, noting that “anyone” could get this data through its API.
I would be hard-pressed to agree that this mass data indexing could be accessed by “anyone,” but it is comforting to see that the information gathered is all public information and not sensitive info like email addresses and passwords.
It will be interesting to see how the EU reacts to this in regards to the GDPR. Having this type of information available “publicly” looks to go against regulations and it is quite possible that Clubhouse will face a large fine for this.
You can use CyberNews‘ tool to see if your data was included in the scrape.
- Was your phone number leaked in the Facebook data breach? Here’s how to check
- Twitter apparently explored options to buy Clubhouse for $4 billion
- Facebook’s first shot at a Clubhouse competitor is Hotline, a Q&A platform
- Popular web browsers are leaking your personal data – these private browsers put an end to that