Clubhouse Confirms Audio Data Spillage
The Claim
The Clubhouse database was hacked and experienced a data breach.
News posted on
Emerging story
Following the launch of Clubhouse, a new social network app, claims that the app has been hacked have been circulating online. Twitter users raised concerns about the app's security.
Breaking news: Clubhouse audio getting hacked. Coming out of China. Story Developing cc @siliconangle
— Zeyad ALshammari, PhD (@zeyad9999) February 23, 2021
Make sure that your account was not been hacked. Good Luck, I hope you get your account back soon. I enjoyed your rooms in the clubhouse. You are a great man.
Warnings over Clubhouse "conversations being listened to and leaked on a third-party website" are also making rounds on social media.
#ClubHouse confirmed that over the weekend a user was able to #breach “multiple” room audio feeds and stream them on a third-party website.https://t.co/BYmPp7G2wg
— Threatpost (@threatpost) February 22, 2021
Clubhouse social media platforms have been hacked, and raised concerns about security
— Tech 4 Peace in English (@Tech4Peace1) February 23, 2021
Prepared by: Muhammad Al-Maskati, Digital Security Adviser
A week after the popular voice chatroom app Clubhouse announced that it took serious steps to ensure that user data won’t
(1-8) pic.twitter.com/p3aHT9Zoe6
Misbar’s Analysis
Misbar's investigation found that Clubhouse confirmed news of a leak to Bloomberg. However, Clubhouse apparently experienced a data leak, not a breach, when a third-party developer designed an open-source app that allowed Android smartphone users to access the invite-only, iPhone-only service.
Cybersecurity expert Raed Samour confirmed to Misbar that Clubhouse faced a data spillage, not a breach. What simply happened was an "unidentified user" was also able to stream audio feeds over the weekend from "multiple rooms" into the person’s own third-party website. In other words, "a user had realized that it was possible to be in multiple chat rooms at once." Samour explained to Misbar that a "data spillage" is different from a "data breach," since data breaches are deliberate and usually carried out by someone hacking into a system to steal data.
However, personal data information for Clubhouse users was not leaked.
Clubhouse is still on a beta version, meaning that the application may witness the same incident again, Samour said.
Reema Bahnasy, a spokesperson for Clubhouse, told Bloomberg that the company has added “safeguards” to prevent another situation wherein audio from their service can be accessed by third parties.
The account associated with the leak has been permanently banned and the app has already added additional safeguards to prevent future data spillages, according to the spokesperson.
Since Clubhouse only experienced a data spillage, not a data breach, we rate this claim as misleading.
