Cyber Crime

3.8 billion Clubhouse and Facebook user records allegedly scraped and merged, put for sale online

A user on a popular hacker forum is selling a database that purportedly contains 3.8 billion Clubhouse and Facebook user records.

Original Post @CyberNews https://cybernews.com/security/3-8-billion-allegedly-scraped-and-merged-clubhouse-and-facebook-user-records-put-for-sale-online/

  • A user on a popular hacker forum is selling a database that purportedly contains 3.8 billion user records.
  • The database was allegedly compiled by combining 3.8 billion phone numbers from a previously scraped Clubhouse ‘secret database’ with users’ Facebook profiles.
  • The compilation appears to include names, phone numbers, and other data.

The poster is asking $100,000 for the full database of 3.8 billion entries but is also willing to split the archive into smaller portions for potential buyers.

According to the post created on September 4, the database also contains profiles of users who don’t have Clubhouse accounts, whose phone numbers might have been acquired by threat actors due to the company’s past insistence that users share their full contact lists with Clubhouse to use the social media platform.

To see if any of your online accounts were exposed in previous security breaches, use our personal data leak checker with a library of 15+ billion breached records.

What’s in the Clubhouse/Facebook compilation?

The compilation was allegedly created following the July 24 Clubhouse scrape, where a ‘secret database’ of over 3.8 billion phone numbers, which were allegedly scraped from breached Clubhouse servers, was put for sale on a hacker forum. The numbers purportedly belonged to Clubhouse users and people from their phone contact lists.

The poster claims that the database contains 3.8 billion user records that include names, phone numbers, Clubhouse ranks, and Facebook profile links.

While we were not able to confirm if the database is genuine, the possibility that a threat actor could combine leaked Facebook profile data with other leaks is by no means zero.

It should also be noted that Clubhouse is no stranger to privacy lapses as well, as evidenced by the social media platform’s lax stance on mass scraping that potentially resulted in data from 1.3 million Clubhouse profiles being shared online.

Is this a big deal?

Prior to this compilation, the allegedly scraped Clubhouse phone numbers, which were posted without any additional information about the users, were practically useless to threat actors. As a result, the previous Clubhouse scraped was marked as a ‘bad sample’ on the forum and failed to spark any interest from scammers.

Now, however, the expanded compilation – if genuine – “could serve as a goldmine for scammers,” says CyberNews senior information security researcher Mantas Sasnauskas. According to Sasnauskas, they would gain access to a lot more contextual information about the owners of the leaked phone numbers, including usernames, locations based on phone number suffixes, their Clubhouse network sizes, and Facebook profiles.

This means that it would be much easier for scammers to run localized mass campaigns and craft personalized scams based on the data gleaned from the potential victims’ Facebook profiles.

“People tend to overshare information on social media. This could give insights for scammers on what vector to employ to run their scams successfully by, for example, calling people with the information they learned from their Facebook account,” says Sasnauskas.

As a result, the poster who allegedly expanded the compilation is hoping to capitalize on an old scrape and ask for a higher price.

What does this mean for you?

Judging from the hacker forum post, the author of the compilation wasn’t able to sell the entire database and is still looking for buyers. With that said, the database could be sold piecemeal.

If genuine, the data from the compilation can be used by threat actors against potential victims in multiple ways by:

  • Carrying out targeted phishing and other social engineering campaigns.
  • Spamming 3.8 billion phone numbers and Facebook profiles.
  • Brute-forcing the passwords of the affected Facebook profiles.

If you suspect that your Clubhouse or Facebook profile data might have been scraped by threat actors, we recommend you:

Also, watch out for potential phishing emails and text messages. Again, don’t click on anything suspicious or respond to anyone you don’t know.

About the author: CyberNews Team

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Clubhouse)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

5 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

16 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

21 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

Finnish police linked APT31 to the 2021 parliament attack

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to…

1 day ago

This website uses cookies.