So far, it seems like it’s been the worst week of the year for social media platforms in terms of data leaks, with Clubhouse seemingly joining the fray.

Days after scraped data from more than a billion Facebook and LinkedIn profiles, collectively speaking, was put for sale online, it looks like now it’s Clubhouse’s turn. The upstart platform seems to have experienced the same fate, with an SQL database containing 1.3 million scraped Clubhouse user records leaked for free on a popular hacker forum.

We reached out to Clubhouse in order to confirm whether the leaked database was genuine and whether Clubhouse was aware of any breach to their systems. As of the time of writing this report, we did not receive a reply from the company.

To see if any of your online accounts were exposed in previous security breaches, use our personal data leak checker with a library of 15+ billion breached records.

What was leaked?

The leaked database contains a variety of user-related information from Clubhouse profiles, including:

• User ID
• Photo URL
• Username
• Twitter handle
• Instagram handle
• Number of followers
• Number of people followed by the user
• Account creation date
• Invited by user profile name

Example of leaked data:

What’s the impact?

The data from the leaked files can be used by threat actors against Clubhouse users in multiple ways by:

• Carrying out targeted phishing or other types of social engineering attacks.

The leaked SQL database only contains Clubhouse profile information – we did not find any deeply sensitive data like credit card details or legal documents in the archive posted by the threat actor. With that said, even a profile name, with connections to the user’s other social media profiles identified and established, can be enough for a competent cybercriminal to cause real damage.

Particularly determined attackers can combine information found in the leaked SQL database with other data breaches in order to create detailed profiles of their potential victims. With such information in hand, they can stage much more convincing phishing and social engineering attacks or even commit identity theft against the people whose information has been exposed on the hacker forum.

Next steps

If you suspect that your Clubhouse profile data might have been leaked by threat actors, we recommend you:

• Use our personal data leak checker to find out if your email has ever been leaked.
• Beware of suspicious Clubhouse messages and connection requests from strangers.
• Consider using a password manager to create strong passwords and store them securely.
• Enable two-factor authentication (2FA) on all your online accounts.

Also, watch out for potential phishing emails and text messages. Again, don’t click on anything suspicious or respond to anyone you don’t know.

Stay tuned for more information

Our investigation of the Clubhouse leak is ongoing, and we will update the story as it unfolds. 

In the meantime, consider using our personal data leak checker with a library of 15+ billion breached accounts to find out if any of your online accounts have been leaked in previous breaches.

More from CyberNews:

Read our guide on best password managers in 2021 and how to keep your passwords safe

Clubhouse’s privacy problem: your data may be going to China

Guide to best VPN services in 2021, such as Surfshark, ProtonVPN & NordVPN