April impacted by data leaks

It seems that the second week in April has been the worst week for social media platforms in terms of data leaks.

Now, just a few days after a billion LinkedIn and Facebook profiles leaked, it is the turn of the upstart platform Clubhouse: 1.3 million user records have leaked from this platform. The leaked data contains a variety of information, including:

  • User ID
  • Username
  • Account creation date
  • Number of followers
  • Number of people followed by the user
  • Photo URL
  • Twitter handle
  • Instagram handle

In its statement, Clubhouse said that it had not experienced a breach of its systems or hacking. The company stated that all of the data was publicly available and could be accessed by any user via its API (application programming interface). However, this may still pose a problem, because the application would allow anyone with a token, or via the API, to retrieve the public profile information of any user until the token expires.

The Clubhouse social media platform launched in March 2020. It is open only to invited users, and currently only to owners of iOS or macOS devices. The platform has grown rapidly and attracted millions of users. The app represents a new type of social media platform based on audio communication: users tune into “rooms” and talk to each other as in a conference call. Users cannot share pictures, videos or texts, only talk.

The database of profiles posted on the hacker forum contains only profile information; no sensitive data such as passwords were found. Even so, a profile name linked to the user’s other social media profiles can help hackers mount targeted attacks that cause real damage. Particularly determined attackers can combine this information with data from other breaches to create detailed profiles of their potential victims. With such information in hand, they can stage much more convincing phishing attacks or commit identity theft.

In view of the large amount of data leaked from social media platforms over the last week, the National Cyber Security Centre SK-CERT recommends the following:

  • Be prudent and beware of suspicious messages or connection requests from strangers
  • Use strong and unique passwords
  • Enable two-factor authentication (2FA) on all your accounts
  • Beware of phishing e-mails and messages, and do not click on any suspicious links or attachments in your e-mails



