Clubhouse Is Not A Safehouse. Proved A Recent Hacking Incident

Clubhouse Is Not A Safehouse. Proved A Recent Hacking Incident
Published on

A new audio-only social network app, Clubhouse, has shot to fame to become one of the most popular apps of 2021. This app recently crossed eight million downloads, despite being IOS exclusive. Tech giants like Elon Musk and Mark Zuckerberg have shown interest in this app which screams its potential growth.

However, this invite-only app has become prone to hacking. Here's what happened.

Clubhouse allows users to take part in public or private chat rooms with the assurance that the spoken content will expire once the session is over, and cannot be recorded. But much to everyone's surprise, US cybersecurity researchers stated that a user has found a way to leak the audio stream from multiple chat rooms.

As told by a Bloomberg report, the hacker was able to access users' audio chats and streamed them on third-party websites, alarming the officials. The audio that was leaked was collected from various rooms on the app. Clubhouse told Bloomberg that it has banned the user and installed new safeguards to protect conversations from being leaked again. Clubhouse told the BBC that "recording or streaming without the explicit permission of the speakers violates the app's terms and conditions."

According to spokeswoman Reema Bahnasy, "Over the weekend, an individual temporarily streamed multiple rooms from their own feed to a website. This individual's account has been permanently banned from the service and we have added additional safeguards to prevent people from doing this in the future."

How Was Clubhouse Hacked?

The hacker built a system about the JavaScript tools that were used to develop Clubhouse. This way, the hacker was able to modify the app and access users' chats, and display them on another website. Stanford researchers say that even though Clubhouse adheres to strict security measures, users should not only rely on them and understand that the chats are still unsafe.

Alex Stamos, director of SIO (Stanford University Internat Observatory) that first reported the security issues in Clubhouse says, "Clubhouse cannot provide any privacy promises for conversations held anywhere around the world."

Clubhouse officials confirmed that was an act of data spillage. Data spillage is different from a data breach. Data breaches are intentional and carried out with the purpose to steal data. Data spillage is an incident where confidential information is released into an environment that has no authorization to access the information.

It is also revealed that Clubhouse has connections with China. Most of the app's backend is handled by a Shanghai-based startup called Agora Inc. This dependency raises questions regarding the app's security as there are chances of users' data being shared with the Chinese government. Considering the growth of this app in terms of downloads and influencer shout-outs, the thought of people's data being shared by violating the app's security is scary.

Australian cybersecurity researcher Robert Potter, who built the Washington Post's cybersecurity operation centre says, " I feel like there's a bunch of users who got really enthusiastic because it's a new thing and because you need an invitation, the conversations must be private. It happened with Zoom and Tiktok – again and again, we see an app that has really high growth, it goes viral, and then they have a privacy problem, or they find lots of problems that weren't so big a deal when they were smaller, and cyber-security comes later. I think people just need to realize that the privacy and cybersecurity of newer social media platforms aren't going to be as good as mature ones."

Join our WhatsApp Channel to get the latest news, exclusives and videos on WhatsApp

                                                                                                       _____________                                             

Disclaimer: Analytics Insight does not provide financial advice or guidance. Also note that the cryptocurrencies mentioned/listed on the website could potentially be scams, i.e. designed to induce you to invest financial resources that may be lost forever and not be recoverable once investments are made. You are responsible for conducting your own research (DYOR) before making any investments. Read more here.

Related Stories

No stories found.
logo
Analytics Insight
www.analyticsinsight.net