3.8 billion Clubhouse and Facebook user records allegedly scraped and merged, put for sale online

Pierluigi Paganini September 24, 2021

A user on a popular hacker forum is selling a database that purportedly contains 3.8 billion Clubhouse and Facebook user records.

Original Post @CyberNews https://cybernews.com/security/3-8-billion-allegedly-scraped-and-merged-clubhouse-and-facebook-user-records-put-for-sale-online/

  • A user on a popular hacker forum is selling a database that purportedly contains 3.8 billion user records.
  • The database was allegedly compiled by combining 3.8 billion phone numbers from a previously scraped Clubhouse ‘secret database’ with users’ Facebook profiles.
  • The compilation appears to include names, phone numbers, and other data.

The poster is asking $100,000 for the full database of 3.8 billion entries but is also willing to split the archive into smaller portions for potential buyers.

According to the post created on September 4, the database also contains profiles of users who don’t have Clubhouse accounts, whose phone numbers might have been acquired by threat actors due to the company’s past insistence that users share their full contact lists with Clubhouse to use the social media platform.

Clubhouse Facebook scrape compilation - forum post

To see if any of your online accounts were exposed in previous security breaches, use our personal data leak checker with a library of 15+ billion breached records.

What’s in the Clubhouse/Facebook compilation?

The compilation was allegedly created following the July 24 Clubhouse scrape, where a ‘secret database’ of over 3.8 billion phone numbers, which were allegedly scraped from breached Clubhouse servers, was put for sale on a hacker forum. The numbers purportedly belonged to Clubhouse users and people from their phone contact lists.

The poster claims that the database contains 3.8 billion user records that include names, phone numbers, Clubhouse ranks, and Facebook profile links.

While we were not able to confirm if the database is genuine, the possibility that a threat actor could combine leaked Facebook profile data with other leaks is by no means zero.

It should also be noted that Clubhouse is no stranger to privacy lapses as well, as evidenced by the social media platform’s lax stance on mass scraping that potentially resulted in data from 1.3 million Clubhouse profiles being shared online.

Is this a big deal?

Prior to this compilation, the allegedly scraped Clubhouse phone numbers, which were posted without any additional information about the users, were practically useless to threat actors. As a result, the previous Clubhouse scraped was marked as a ‘bad sample’ on the forum and failed to spark any interest from scammers.

Now, however, the expanded compilation – if genuine – “could serve as a goldmine for scammers,” says CyberNews senior information security researcher Mantas Sasnauskas. According to Sasnauskas, they would gain access to a lot more contextual information about the owners of the leaked phone numbers, including usernames, locations based on phone number suffixes, their Clubhouse network sizes, and Facebook profiles.

This means that it would be much easier for scammers to run localized mass campaigns and craft personalized scams based on the data gleaned from the potential victims’ Facebook profiles.

“People tend to overshare information on social media. This could give insights for scammers on what vector to employ to run their scams successfully by, for example, calling people with the information they learned from their Facebook account,” says Sasnauskas.

As a result, the poster who allegedly expanded the compilation is hoping to capitalize on an old scrape and ask for a higher price.

What does this mean for you?

Judging from the hacker forum post, the author of the compilation wasn’t able to sell the entire database and is still looking for buyers. With that said, the database could be sold piecemeal.

If genuine, the data from the compilation can be used by threat actors against potential victims in multiple ways by:

  • Carrying out targeted phishing and other social engineering campaigns.
  • Spamming 3.8 billion phone numbers and Facebook profiles.
  • Brute-forcing the passwords of the affected Facebook profiles.

If you suspect that your Clubhouse or Facebook profile data might have been scraped by threat actors, we recommend you:

Also, watch out for potential phishing emails and text messages. Again, don’t click on anything suspicious or respond to anyone you don’t know.

About the author: CyberNews Team

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Clubhouse)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment