Clubhouse voice notes were leaked; thousands of users affected

Clubhouse, a social media app on iPhone to interact exclusively through voice notes, confirmed that last weekend it suffered a data leak incident. This platform allows users to join audio chat rooms (public or private); conversations are not stored, so many users are enthusiastic about this service.

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

David Thiel, chief technology officer at Stanford University’s Internet Observatory, reported the incident, not to mention that this incident was not the product of a cyberattack. On the cause of this incident, the expert believes it could all be because a user decided to violate Clubhouse’s terms of service.

Clubhouse voice notes were leaked; thousands of users affected

“This is a condition known as an ‘information spillage’, and it is different from data breaches that these incidents are deliberately provoked through a cyberattack or social engineering technique; information spillage occurs when sensitive data is released in an unauthorized environment to access this information,” the expert says.

Thiel believes the incident originated because a user discovered that it was possible to be connected in multiple chat rooms simultaneously, generating the opportunity to connect a Clubhouse API to an external website and share their login remotely with any online user: “Actually creating third-party platforms to extract data from a service is very common. For example, all the tools created to extract information from Twitter.”

Just a couple of weeks ago The developers of Clubhouse stated that the information transmitted through this platform could not be compromised by threat actors sponsored by national states, a statement issued in response to a report from the Internet Observatory. This report details multiple security flaws detected in Clubhouse whose exploitation would allow the leaking of sensitive details in plain text.

Experts who produced this report also considered that advanced hacking groups such as those sponsored by the Chinese government could access audio files on Clubhouse servers as their backend infrastructure is developed by Agora, a company operating in both the United States and China.

This is a serious report but it is not the first time that a similar condition is reported, as in the past some mechanisms have been detailed to intercept information shared through similar platforms. Finally, Thiel attributes the issues to clubhouse being a relatively young service and prone to leaving exploitable gaps by users with various motivations: “This platform must make sure to deliver on what it promises, as it has been shown that conversations are not completely private.”

The post Clubhouse voice notes were leaked; thousands of users affected appeared first on Cyber Security News | Exploit One | Hacking News.

By admin