A database compiling information on 1.3m users was posted online but the company said it was all publicly available data.
In a week or so of major data breach news, Clubhouse has pushed back against reports that a database of user info was leaked and posted online.
On Saturday (10 April), CyberNews reported that details on 1.3m users were scraped from the live audio app and posted on a hacker forum. The trove of data was said to include information such as names, user IDs, social media handles and number of followers which, according to the report, could potentially be used for nefarious means.
Clubhouse responded to the report by saying that this was not a data leak as it is all publicly available information.
“This is misleading and false. Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API,” the company said on Twitter.
During a session on the Clubhouse app, the company’s CEO Paul Davison doubled down when asked if the company was hacked or breached. “The data referred to was all public profile information from our app, so the answer to that is a definitive no.”
Troy Hunt, the cybersecurity researcher that operates the Have I Been Pwned site for checking if your data has been breached, said that the information is “benign” and that “no one is losing any sleep over it”.
The report has however raised questions about why the information on Clubhouse was so easy to collate in the first place.
It comes at a time of heightened security angst after previously breached details on more than 500m Facebook users were posted online last week. LinkedIn was struck days later when publicly viewable data that had been scraped from the platform was put up for sale on a hacking forum.
Meanwhile, Clubhouse is reportedly in talks with investors to raise a round of funding that would value the company at $4bn.