Experts rubbish claim of Clubhouse data leak made by hacker forum | #cybersecurity | #cyberattack | #cybersecurity | #infosecurity | #hacker

On July 23, a hacker group claimed that they have got access to over 3.8 billion phone numbers from Clubhouse servers. The claim posted on a hackers’ forum alleging the leak states that the list of numbers contains cellphone, fixed, private and professional numbers. The information about the claim was shared on Twitter by Jiten Jain, Director, Voyager Infosec.

The alleged hackers have claimed that they were able to evaluate the level of the network of each phone number in the world. ‘We can do a national and international ranking of each human and organisation’, they claimed, and said that they will sell the data of 3.8 billion phone numbers through a private auction on the 4th September 2021, on the occasion of the 23rd anniversary of Google.

Furthermore, the Hacker claims that the Clubhouse connects to users’ phonebooks in real and every time someone adds a new number, it gets synced to the Clubhouse servers. Though the claim is fairly true as it shows who has joined Clubhouse from the phonebook of a user, many fingers are pointing at the claims made by the Hacker.

Posts by the hacker.

Post marked as ‘Bad Sample’

The hackers’ forum has marked the post as Bad Sample, which possibly means that the sample provided by the Hacker has not much ‘useful’ information. When we scanned through the comments on the forum, we noticed that many users on that forum had called his data trash.

Left: Sample provided by the hacker. Right: Users on the forum calling it a trash database.

Experts’ views on the alleged leak

OpIndia contacted Sunny Nehra, Admin at Hacks And Security, to get his point of view over the alleged leak. He said, “I have seen this Hacker making mountainous claims before as well, but in the end, his alleged leaks are mostly fake. The list he is providing contains only phone numbers that can be extracted by any means. There are thousands of databases available for every country with only a list of phone numbers. Who knows if he had just compiled all the lists together and marked it as Clubhouse Leak! To be honest, such forums are mostly full of fakes.”

In a tweet, Nehra said, “News of Clubhouse data breach on #darknet is getting viral. The first thing the seller claims FREE sample, but it requires eight credits to unlock. Second, it’s just random Japan phone numbers. Third, threat actor is quite new on that forum, is least active & habitual to making such lame claims.”

He further added, “The threat actor seems to be scamming users of that forum on the name of #clubhouse #dateleak. Earlier someone made a similar claim, and the data was just scraped public data of clubhouse users. And this one is even more lame. Just providing a random japan numbers list.” Nehra said that such numbers could be generated using a simple script as well.

While talking to OpIndia, Rajshekhar Rajaharia, Internet Security Researcher, said, “Hacker is just selling Clubhouse mobile numbers that seems generated. There is no name, photo or any other details available. This list of phone numbers can be generated very easily. PII (Personal Identification Information) is not available for any number in the database. Data leak claim seems a fake.”

In a tweet, he said, “A #Hacker is allegedly selling a list of 3.8 billion phone numbers of #Clubhouse. Seems completely fake. There are only mobile numbers without names, photos. This list of phone numbers can be generated very easily. PII not available.”

He further added, “This seller has a bad past. Attracting buyers by showing lakhs telegram followers. Seems Fake. This is the same Telegram group that was selling the Fake #Whatsapp database of 470 mn users “Without Name & Photo”. Now they changed the group name from “Whatsapp Database Leak” to “ClubHouse Database Leak”. Now selling fake Clubhouse  numbers without name and photo.”

Co-Founder & CTO at cybercrime intelligence firm Hudson Rock said in a tweet, “The new Clubhouse database leak is pretty much b*llsh*t. It is just a list of phone numbers, without any additional information, they could have arrived from anywhere.”

The experts believe that the alleged leak is not real and such numbers can be generated via simple scripts. The users should not panic and wait for an official statement from ClubHouse.

Original Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App







National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.