Clubhouse, the live audio-only social network, reportedly had its servers hacked last week, with more than 1.3 million user records leaked online. Or at least that’s what CyberNews wrote on April 10. It didn’t take long at all for Clubhouse to shoot down this report.
The company’s official Twitter account writes that the CyberNews information is “misleading and false.” All the information included in that report — users’ names, social media handles, number of followers, and photo URL — is all public profile information, Clubhouse says. It’s all accessible via the app or the company’s official API.
Clubhouse has had a huge year thus far, with such monumental success that even the likes of Spotify and Facebook are testing their own clone services. A hack of this size would have been crushing for the trust still being built between Clubhouse and its users. So it’s great that the company’s databases haven’t been hacked — but Clubhouse’s response raises plenty more questions about the platform’s security.
All but certainly false — There’s very little evidence pointing to this “hack” being a pressing cybersecurity issue. Besides taking to Twitter, the company’s CEO also spoke against the CyberNews report at a town hall Sunday.
“No, this is misleading and false, it is a clickbait article, we were not hacked,” CEO Paul Davison said, according to The Verge. The data referred to was all public profile information from our app. So the answer is a definitive ‘no.’”
Davison’s assessment of the article as misleading and clickbait-y is very fair. CyberNews has used this tactic in the past — just last week the site reported that LinkedIn data for 500 million users was being sold online. According to LinkedIn, none of the data collected was private, which makes the issue much less pressing than CyberNews is making it out to be.
Is this problematic for users? — The internet is on high alert for data breaches right now, thanks in no small part to the massive data breach at Facebook that affected more than 533 million users across 106 countries. Clubhouse doesn’t deny that user data is being posted online in mass quantities — just that none of that information was private.
This raises some intriguing questions about Clubhouse’s user data. Why is so much of that information readily available for the public? With the right tools and background knowledge, it’s all too easy for a malicious user to gather this information. That information, in the wrong hands, could be plenty to start phishing scams and other attacks.
CyberNews certainly played up the hacking angle of this story, but the bottom line is that a huge swath of Clubhouse’s user data was posted on a forum. The company will need to deal with that transparently — rather than simply waving it away — if it hopes to keep its users’ trust.