Clubhouse, the audio-only social networking app, has suffered a data leak. An unidentified user has streamed Clubhouse sessions on a third-party website, breaching the software’s user policy.
Clubhouse allows users to participate in different audio-only chatrooms. New users can currently only join if invited by an existing user.
The irresistible intrigue caused by such exclusivity has resulted in the platform's monumental growth. Since launching in April 2020, Clubhouse has grown to over 10 million weekly active users and achieved 'Unicorn' status with a $1 billion valuation in less than 12 months.
For Clubhouse to differentiate itself from all other live streaming services, it needs to keep users on the platform. To enforce this requirement, Clubhouse has integrated live collaboration into its value proposition: users currently don't have the ability to record live sessions or play back historical sessions.
An unidentified user, however, has found a way to stream audio feeds from multiple Clubhouse chatrooms from a website. Since discovering this data leak, Clubhouse has banned the user from the platform and severed all audio streams.
This incident wasn’t a deliberate hack, but rather a deliberate attempt to violate Clubhouse’s terms.
A data leak is an unauthorized exposure of sensitive data. When such exposures are discovered by cybercriminals, the exposed data could arm them for a devastating data breach.
This is why it’s so important for organizations to detect and remediate all data leaks.
A Clubhouse data leak wouldn’t be hard to initiate. All that’s required is a website-to-app integration via an API and for audio connections to be established through a user’s shared login credentials.
The Clubhouse security team is working to rectify this vulnerability, a project added to a growing list of security concerns.
Alex Stamos, head of Stanford University’s Internet Observatory, published several security warnings about Clubhouse. The most distressing discovery was that Clubhouse’s back-end support is hosted by a Chinese-owned company - Agora.
Stamos and his research team mapped Clubhouse’s outgoing web traffic and discovered American network activity flowing to Agora servers, putting US data at high risk of being compromised by China.
Stanford’s researchers also discovered another data leak where specific user roles could be gleaned from user ID numbers and ID numbers of Clubhouse.
These security concerns don’t seem to be slowing Clubhouse’s growth. Users are perhaps comforted by the growing list of celebrities joining the platform, including MC Hammer, Kevin Hart, Oprah, and Elon Musk.
This growth isn’t giving Clubhouse an incentive to rapidly address its vulnerabilities. If you’re lucky enough to get invited to the platform, consider Stamos’s advice:
Assume all conversations are being recorded.