A database containing the user records of approximately 3.8 billion Clubhouse and Facebook users is being sold at a major hacker forum, reports CyberNews.
The individual selling these is purportedly asking for a sum of USD $100,000 for the entire database, but is also willing to split it up into smaller caches for cheaper prices. Data found in these records consists of sensitive information such as phone numbers, addresses, names, and so on. All of this data seems to have been acquired via a breach of Clubhouse's servers back on the 24th of July, where the numbers of many users were put online. However, the damage extends beyond just Clubhouse's own users.
Since the platform asks users to synchronize their contacts with the app itself, contact numbers from a user's phone can also be exposed via an attack on the company's servers. And this is apparently exactly what happened. Therefore, users without a Clubhouse ID and password still have their data exposed to the hacker site, and can fall under threat. While it is still unknown how the IDs of Facebook users joined the mix, it is possible that the cybercriminal at hand decided to compare the exposed numbers to those found in previous Facebook leaks, which there have been quite a lot of.
This list hasn't even been recently posted, apparently being available on the forum since the 4th of September. However, it was considered to be useless back then, since no additional user info was provided short of names. The post was even tagged as a "bad sample" by moderators. However, the more comprehensive list has finally brought in more attention, and may even lead to quite the lucrative deal for our hacker. Users post a lot about their everyday lives on platforms such as Facebook. Access to such information can lead to further scams being more successful, since they draw on information not otherwise available. Such accounts can also be susceptible to phishing attacks, or the acquisition of passwords via brute force.
The best way to counter any such attacks would be to employ two factor authentication on your social media IDs. Hackers can get your password, but they can't physically grab your phone in the process. Care must be exercised when responding to emails, making sure that they come from legitimate handles. Short of that, stay clear of suspicious information as a whole.
Photo: scyther5; iStock by Getty Images
Read next: Facebook And Europe Go Head To Head For Cookies Policy
The individual selling these is purportedly asking for a sum of USD $100,000 for the entire database, but is also willing to split it up into smaller caches for cheaper prices. Data found in these records consists of sensitive information such as phone numbers, addresses, names, and so on. All of this data seems to have been acquired via a breach of Clubhouse's servers back on the 24th of July, where the numbers of many users were put online. However, the damage extends beyond just Clubhouse's own users.
Since the platform asks users to synchronize their contacts with the app itself, contact numbers from a user's phone can also be exposed via an attack on the company's servers. And this is apparently exactly what happened. Therefore, users without a Clubhouse ID and password still have their data exposed to the hacker site, and can fall under threat. While it is still unknown how the IDs of Facebook users joined the mix, it is possible that the cybercriminal at hand decided to compare the exposed numbers to those found in previous Facebook leaks, which there have been quite a lot of.
This list hasn't even been recently posted, apparently being available on the forum since the 4th of September. However, it was considered to be useless back then, since no additional user info was provided short of names. The post was even tagged as a "bad sample" by moderators. However, the more comprehensive list has finally brought in more attention, and may even lead to quite the lucrative deal for our hacker. Users post a lot about their everyday lives on platforms such as Facebook. Access to such information can lead to further scams being more successful, since they draw on information not otherwise available. Such accounts can also be susceptible to phishing attacks, or the acquisition of passwords via brute force.
The best way to counter any such attacks would be to employ two factor authentication on your social media IDs. Hackers can get your password, but they can't physically grab your phone in the process. Care must be exercised when responding to emails, making sure that they come from legitimate handles. Short of that, stay clear of suspicious information as a whole.
Photo: scyther5; iStock by Getty Images
Read next: Facebook And Europe Go Head To Head For Cookies Policy