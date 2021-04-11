First Facebook, then LinkedIn, and now ClubHouse: 1.3 million users’ personal data has allegedly been leaked. What a week for social media!

The figure of hacked social media accounts it continues to grow, although those affected do not seem to care too much, because the number of users of these social networks is also growing. It’s no wonder Facebook doesn’t even bother to apologize for the data breach anymore.

In just one week, the personal data of 500 million Facebook users and 533 million LinkedIn users is sold to the highest bidder in cybercriminal forums. And we talk about critical data like names and phone numbers.

The black market for personal data is so oversaturated that they are even being given away. In a well-known hacker forum, a file has appeared to download for free, which supposedly contains personal data of 1.3 million accounts of the fashion social network, ClubHouse.

Club House is a new social network that has attracted attention because it is an audio-only chat: no video, no text.

Although it can only be accessed by invitation and only works on iOS, you already have more than 10 million users. And despite not being an open network, supposedly cybercriminals have managed to hack 1.3 million ClubHouse accounts.

The security website CyberNews has discovered in a well-known hacker forum a file that supposedly contains the personal data of 1.3 million ClubHouse accounts:

They have been examining the contents of the file and, indeed, it is about a database in SQL containing data from more than a million accounts. They cannot confirm that they are ClubHouse accounts, that can only be done by the company itself, which has not yet issued any statement or responded to requests for information from the media.

The data included in the assumption CloudHouse hack they are not critical, as there is no data such as phone numbers or credit cards. But they are worrisome because they can be used to prepare phishing attacks, to impersonate the personality, or to cross them with the data of other hacks and create more accurate profiles of a person.

This is the filtered data:

User identification code Real name Profile photo User name Twitter user name Instagram user name Number of followers Number of people you follow Account creation date User who invited you to ClubHouse

As we can see, there is data that can be used to create phishing attacks where an email or a message on Twitter or Instagram calls you by your real name and impersonates ClubHouse or another user who knows you at ClubHouse.

Cybercriminals tend to cross data from different hacks to different networks, knowing that most people use the same names and passwords on different social networks, to gain real access or further personalize a phishing attack. So you always have to use different names and passwords in each social network.

As we have commented, at the moment ClubHouse has not responded to this alleged hack.