It would be the biggest leak in phone numbers that could be bought illegally on the Darknet so far. 3.8 billion phone numbers of clubhouse users and their contacts are said to be for sale – exclusively for a buyer as the alleged hacker advertises his offer.
The likelihood that your phone number is included in the record is high. Even if you don’t use a clubhouse. As with WhatsApp, every phone number that a user of the app has saved on their mobile phone is synchronized in the Clubhouse database. A single one of your contacts as a user of the Clubhouse app is enough for you to appear in the data record with your number.
The offer was found on Darknet security researcher Marc Ruef, who posted it on Twitter . The seller promises that the almost infinite number of phone numbers has already been given a ranking score. That is, the more often a phone number has appeared in the records, the more important it seems to be. Because the more contacts have saved a phone number, the more important and networked this person seems to be, according to the simple calculation. In this way, a potential buyer of the illegal data record can quickly identify important telephone numbers.
In Germany, consumer advocates recently warned against clubhouse .
DATES ARE TO BE AUCTIONED IN SEPTEMBER
A total of 3.8 billion numbers should appear in the database. From Japan alone he has 83.5 million numbers. Given that Japan has around 126 million people, that’s a respectable number. Since the app compares complete phone books, it also contains private landline numbers and company numbers in addition to mobile phone numbers.
The darknet seller speaks of a private auction of the data set. On September 4th, the data should change hands. It is possible that he wants Clubhouse to buy the data in order to protect the customer data of the controversial app.
Ultimately, however, the following also applies: It is unclear whether the data record really exists in this form. If it does exist and it falls into the wrong hands, you can at least temporarily expect a new wave of SMS spam. Just a few weeks ago, a wave of SMS spam made the rounds in which the sender pretended that the parcel service could not deliver a parcel. Anyone who reacted sometimes caught malware.
CLUBHOUSE DENIED
Doubts may well be reasonable as to whether the Darknet seller is serious. Because the example data from Japan should be worthless according to the colleagues from heise. It is “nothing but unconnected telephone numbers without any further information on the user identity”. A script could just as easily put the numbers together, a fraud not ruled out. Compared to the Bild newspaper, Clubhouse denied an attack on its systems and pointed out that the app’s communication did not contain any data that could be used to identify users. The operators of the app described it to the newspaper as a “mathematical coincidence” that the phone numbers of clubhouse users appeared on the Darknet. It is assumed that bots automatically generate cell phone numbers through random combinations of numbers.
After this article was first published, Clubhouse’s PR agency also issued a statement to us in response to the article. It says: “There was no data leak at Clubhouse. There are a number of bots that generate billions of random phone numbers. In the event that one of these random numbers exists on our platform due to a mathematical chance, the Clubhouse API does not return any user-identifiable information. Privacy and security are paramount to Clubhouse and we continue to invest in industry-leading security practices. Clubhouse does not use cookies , does not track users and does not sell any personal data to third parties. “
