Clubhouse: 3.8 billion cell phone numbers stolen?

At Clubhouse you have not only got your own cell phone number, but also that of all your contacts. That explains the amount of data.

Did a hack succeed at Clubhouse? The Swiss security researcher Marc Ruef reported yesterday on Twitter about a hacker’s offer to sell. This offers a gigantic database consisting of around 3.8 billion mobile phone numbers in a forum on the Darknet.

Clubhouse loves your phone book!
Clubhouse is an audio-based social network app. After you have registered there, Clubhouse asks you to access the address book. The user must grant access at the latest when they want to invite a friend. Specifically, this means that if the database leak is genuine, the hacker not only sells the cell phone numbers of the clubhouse users, but also all of their contacts.

Clubhouse has experienced a real hype in the last few months, but it has long since subsided. In addition, critical reports regarding the data protection of this app appeared again and again in the media.

Hacker wants to warn of data octopuses
Ruef shows a screenshot of an underground forum on Twitter, where a user named “GOD” is offering a huge collection of cell phone numbers for sale. GOD wants to sell all the phone numbers on September 4th, on the occasion of Google’s 23rd birthday, to a single interested party.

The anonymous provider doesn’t just want to earn money with his campaign. He also connects a lot of criticism of the methods used by companies from Silicon Valley. Because the large corporations also collect the data of people who do not use their services at all. The hacker sees this as a “dangerous invasion” of their privacy. It is time to punish Clubhouse for their behavior because they are violating the GDPR.

Cell phone numbers only partially useful?
There was also criticism on the Internet. The database excerpt from Japan showed that the buyer would not receive any additional information with the exception of the telephone numbers. The numbers could therefore come from anywhere. The cybercriminals still have to conclusively prove their origin, according to Twitter.

The many telephone numbers are hardly of use for hackers. But they would automatically become valuable the moment they were compared with information from other leaks in order to determine the identity of the cell phone owner. Even for SMS phishing, also known as smishing, the numbers are only suitable to a very limited extent.

Clubhouse denies hack
Clubhouse has already denied the theft to other media. There was simply no attack on their infrastructure, it was said on request. The company spokesman assured that it would also not be possible to identify users based on their mobile phone number alone. He believes in a script, which is said to have generated cell phone numbers through randomly selected combinations of numbers.

On Twitter, on the other hand, it is rumored that the number of stolen numbers could be quite realistic. Even so, the last database leak from the spring of this year was much more revealing due to the amount of information.

Leave a comment

Your email address will not be published. Required fields are marked *