Threat actor offers Clubhouse secret database containing 3.8B phone numbers

A threat actor is offering for sale on hacking forums the secret database Clubhouse containing 3.8B phone numbers.

Clubhouse is a social audio app for iOS and Android where users can communicate in voice chat rooms that accommodate groups of thousands of people. The audio-only app hosts live discussions, with opportunities to participate through speaking and listening.

Conversations are prohibited by Clubhouse’s guidelines from being recorded, transcribed, reproduced, or shared without explicit permission.

As of April 2021, venture capitalists valued Clubhouse at nearly $4 billion in a funding round.

A threat actor has started offering for sale on hacking forum the secret database Clubhouse containing 3.8 Billion phone numbers.

According to the threat actor, the company “save/steal the phonebook of each user” in a secret database that it is offering for sale.

The seller claims the secret database contains 3.8 billion phone numbers (cellphones + fixed + private + professionals numbers.) and each number is ranked by a score (Number of Clubhouse users who have this phone number in their phonebook).

The threat actor published a link to a sample of data contained in the database, Phone numbers belonging to over 83.5M Phone numbers of Japanese users.

In April 2021, researchers from Cyber News discovered that the personal data of 1.3 million Clubhouse users was leaked online.

The experts found an ad on a hacker forum offering for free a SQL database containing 1.3 million scraped Clubhouse user records.

“Days after scraped data from more than a billion Facebook and LinkedIn profiles, collectively speaking, was put for sale online, it looks like now it’s Clubhouse’s turn. The upstart platform seems to have experienced the same fate, with an SQL database containing 1.3 million scraped Clubhouse user records leaked for free on a popular hacker forum.” reported CyberNews.

The leaked records included Clubhouse user IDs, names, usernames, Twitter handles, Instagram handles, number of followers, number of people followed by the users, accounts’ creation date, and invited by user profile names. Financial data was not included in the data leak.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ClubHouse)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.