01 logo

Clubhouse Replied: No Hack Involved, Personal Data is Publicly Available

Another Wake-up Call for Re-thinking Privacy and Social Media Platform.

By Z3n Ch4nPublished 3 years ago 4 min read
Like

Facebook, Linkedin, Clubhouse

Since the invite-only and audio-only social media app launch in March 2020, Clubhouse became popular and attracted millions of users. Users enjoy the audio community with various topics in "rooms."

I talked about the privacy and security risk of the app in February. If you still remember, Elon Musk helped Clubhouse leap during the frenzy of Gamestop, Wallstreetsbets, and Dogecoin. While the risks are still valid and not fixed, the personal data of 1.3 million Clubhouse users has been posted online on a popular hacker forum, according to a Saturday report from Cyber News.

The scraped data of Clubhouse users includes names, social media profile names, and other details. Data leaks of Linkedin, another social media platform, were also reported by Cyber News the same day. The Scraped data contains 500 million LinkedIn users.

The Problem

Days before reports surfaced of the LinkedIn and Clubhouse data leaks, Insider's Aaron Holmes reported that the hacker posted the full names, location, email addresses, and other sensitive pieces of information of 533 million Facebook users in a hacking forum.

Nearly everything I heard what Facebook or Zuckerburg said only piss more people off than apologies. It is like it was our fault putting all data on Facebook.

But in fact, if you look a little bit deeper into the design and terms of use in Facebook, you would find out that nearly every part of Facebook encourages you to give up more data in exchange for more features and connections.

I did a little bit of research and wrote about the top two "hidden" features of Facebook that users should be aware of and be careful even you are offline in the physical world, or someone who does not have Facebook but actively connecting with people who have (that means all of us!).

I cannot emphasize more how Facebook is irresponsible about handling before and after this incident. If you are still on Facebook, make sure you know how to prevent being over-exposed.

On the one hand, Clubhouse did not officially respond immediately to the news, but they post the following tweet as a reply on Sunday.

That is great again, and I got the same feeling as Facebook's reply and found it amazing that Clubhouse thought the report is "false." Even if the data can be scraped via API, it doesn't mean they are not personal data.

There is no need to ask a security expert that you know someone can use those data to impersonate the user or scam them into revealing more sensitive data like password credentials and bank accounts via social engineering. I was also a victim of the recent Facebook data lask even I stopped using Facebook in 2016.

Do What Tim Said

Tim Ferriss post a video yesterday sharing how he uses a mobile phone. It is worth watching if you want to re-think how to use social media and why we need a new approach on this app.

Let's walk through his rules:

  • No email app on his phone
  • No social media apps on this phone
  • Airplane mode and silent mode when you need 100% focus

In short, you should know that social media platforms spend tons of money to lure us in and exploit our FOMO (Felling Of Missing Out) so that we cannot stop looking at it. That's why you spend more time in the toilet or didn't talk to your friends when having a meal.

Tim bought out the concept of "Friction Points" to tackle the addicting apps. Ultimately what it is trying to do is make the user experience less pleasant so that we are not that addicted.

Final Words - It's Time To Protect Yourself; Even You Have Nothing To Hide

People think only criminals need to hide. Sadly, they do not know Privacy is our right.

For our digital self, we should value our data as the real world. We have vaults to store our personalized jewelry, and we only share our financial records with the bank.

There is no 100% anonymity on the internet. Every time you tap on your phone, you leave some traces. But it is not about being invisible to others because it would be impossible to interact with others.

All the privacy protection tools do not immediately make you anonymous, but your awareness did. We need to, at least, try our best, take back control of our data. Privacy is fundamental to the internet and net neutrality. We should prepare ourselves for the next Big Tech company, saying that we want more and say no this time.

---

Thank you for reading. May InfoSec be with you🖖.

cybersecurity
Like

About the Creator

Z3n Ch4n

Interested in Infosec & Biohacking. Security Consultant. Love reading and running.

hackernoon.com/u/z3nch4n

Reader insights

Be the first to share your insights about this piece.

How does it work?

Add your insights

Comments

There are no comments for this story

Be the first to respond and start the conversation.

Sign in to comment

    Find us on social media

    Miscellaneous links

    • Explore
    • Contact
    • Privacy Policy
    • Terms of Use
    • Support

    © 2024 Creatd, Inc. All Rights Reserved.