Do you feel safe because you have never used Clubhouse? Wrong: your number may still be there!
A dabatase with 3.8 billion phone numbers, collected by Clubhouse, would be (note the conditional – see after the tweet) for sale on the dark web, with an auction which should be held (ironically) the September 4, 2021, anniversary of the founding of Google. Why so many numbers? Because Clubhouse would save not only those of its own users, but theirs entire phone book, thus having access not only to the contacts of those who use the service, but also to all their friends and acquaintances (you can deactivate this option in the Clubhouse settings, but it is not clear if, according to who would have the database, the collection of numbers takes place anyway). In other words: even if you didn’t use Clubhouse, there’s a good chance your phone numbers have been compromised.
And it does not end here, because all this would also serve to create a sort of “popularity ranking“, Based on how many Clubhouse users have the same phone number in their address book. In this way it is possible to estimate how much each number, that is each user, is “connected” to the others, very attractive information, for example for advertising purposes, but not only.
This practice, according to what was reported by those who auctioned the database, would be very common among the big names in Silicon Valley, and besides being an obvious one violation of privacy, is also in open opposition to the GDPR in force in Europe.
All this you can also read below, in the tweet of Marc Reuf, a researcher at Scip, who first broke the news.
ATTENTION! (note the emphasis again) Already last April, the CEO of Clubhouse had denied a theft of personal data to the detriment of his company and its users, but for now we are still waiting for an official comment on this latest story. of which we have not found a match elsewhere (and 15 hours have already passed since the publication of the tweet in question). There is therefore the possibility that there has not been any data breach or that things are not as described in the image above anyway.
In the absence of further elements it is impossible for us to unbalance ourselves in any sense, also because the accusations raised are somewhat heavy, and should be treated with due caution. As soon as there will be news about it, we will be happy to update you.