Private Clubhouse chatroom audio leaked online

Edward Kost
March 1, 2021

Clubhouse, the audio-only social networking app, has suffered a data leak. An unidentified user has streamed Clubhouse sessions on a third-party website, breaching the software’s user policy.

Clubhouse allows users to participate in different audio-only chatrooms. New users can currently only join if invited by an existing user. 

The irresistible intrigue caused by such exclusivity has resulted in the platform's monumental growth. Since launching in April 2020, Clubhouse has grown to over 10 million weekly active users and achieved 'Unicorn' status with a $1 billion valuation in less than 12 months.

For Clubhouse to differentiate itself from all other live streaming services, it needs to keep users on the platform. To enforce this requirement, Clubhouse has integrated live collaboration into its value proposition - users currently don't have the ability to record live sessions or play back historical sessions.

An unidentified user, however, has found a way to stream audio feeds from multiple Clubhouse chatrooms from a website. Since discovering this data leak, Clubhouse has banned the user from the platform and severed all audio streams.

This incident wasn’t a deliberate hack, however, but rather a deliberate attempt to violate Clubhouse’s terms.

A data leak is an unauthorized exposure of sensitive data. When such exposures are discovered by cybercriminals, they could arm them for a devastating data breach.

This is why it’s so important for organizations to detect and remediate all data leaks.

A Clubhouse data leak wouldn’t be hard to initiate. All that’s required is a website-to-app integration via an API and for audio connections to be established through a user’s shared login credentials.

The Clubhouse security team is working to rectify this vulnerability, a project added to a growing list of security concerns.

Alex Stamos, head of Stanford University’s Internet Observatory, published several security warnings about Clubhouse. The most distressing discovery was that Clubhouse’s back-end support is hosted by a Chinese-owned company - Agora.

Stamos and his research team mapped Clubhouse’s outgoing web traffic and discovered American network activity flowing to Agora servers, putting US data at high risk of being compromised by China.

Stanford’s researchers also discovered another data leak where specific user roles could be gleaned from user ID numbers and ID numbers of Clubhouse.

These security concerns don’t seem to be slowing Clubhouse’s growth. Users are perhaps comforted by the growing list of celebrities joining the platform, including MC Hammer, Kevin Hart, Oprah, and Elon Musk.

This growth isn’t giving Clubhouse an incentive to rapidly address its vulnerabilities. If you’re lucky enough to get invited to the platform, consider Stamos’s advice:

Assume all conversations are being recorded.
