Clubhouse data leak: 1.3 million scraped user records leaked online for free

[Artifact]

So far, it seems like it’s been the worst week of the year for social media platforms in terms of data leaks, with Clubhouse seemingly joining the fray.
Days after scraped data from more than a billion Facebook and LinkedIn profiles, collectively speaking, was put for sale online, it looks like now it’s Clubhouse’s turn. The upstart platform seems to have experienced the same fate, with an SQL database containing 1.3 million scraped Clubhouse user records leaked for free on a popular hacker forum.

To see if any of your online accounts were exposed in previous security breaches, use our personal data leak checker with a library of 15+ billion breached records.
What was leaked?
The leaked database contains a variety of user-related information from Clubhouse profiles, including:

• User ID

• Name

• Photo URL

• Username

• Twitter handle

• Instagram handle

• Number of followers

• Number of people followed by the user

• Account creation date

• Invited by user profile name

Example of leaked data:

Update
Clubhouse has responded saying they have not experienced a breach of their systems and said that the data is already publicly available and that it can be accessed via their API which raises some questions about the privacy stance of the company allowing for anyone to gather even public profile information on a mass scale. We have sent some follow up questions regarding their API policy and will update when we have more information.

What’s the impact?
The data from the leaked files can be used by threat actors against Clubhouse users in multiple ways by:

• Carrying out targeted phishing or other types of social engineering attacks.

The leaked SQL database only contains Clubhouse profile information – we did not find any deeply sensitive data like credit card details or legal documents in the archive posted by the threat actor. With that said, even a profile name, with connections to the user’s other social media profiles identified and established, can be enough for a competent cybercriminal to cause real damage.
Particularly determined attackers can combine information found in the leaked SQL database with other data breaches in order to create detailed profiles of their potential victims. With such information in hand, they can stage much more convincing phishing and social engineering attacks or even commit identity theft against the people whose information has been exposed on the hacker forum.
Next steps
If you suspect that your Clubhouse profile data might have been leaked by threat actors, we recommend you:

• Use our personal data leak checker to find out if your email has ever been leaked.

• Beware of suspicious Clubhouse messages and connection requests from strangers.

• Consider using a password manager to create strong passwords and store them securely.

• Enable two-factor authentication (2FA) on all your online accounts.

Stay tuned for more information
Our investigation of the Clubhouse leak is ongoing, and we will update the story as it unfolds.
In the meantime, consider using our personal data leak checker with a library of 15+ billion breached accounts to find out if any of your online accounts have been leaked in previous breaches.
Also, watch out for potential phishing emails and text messages. Again, don’t click on anything suspicious or respond to anyone you don’t know.