The social media platform Clubhouse has said reports of a personal data breach involving it’s 1.3 million users, which prompted Hong Kong’s privacy watchdog to issue a security warning, were “misleading and false”.
Online publication CyberNews had claimed that personal information of users of the invite-only iOS app had been exposed over the weekend, prompting Hong Kong’s privacy commissioner’s office to urge local users to step up their security.
But Clubhouse took to Twitter on Sunday to refute the claims made by CyberNews.
“Clubhouse has not been breached or hacked,” it said. “The data referred to is all public profile information from our app, which anyone can access via the app or our API (application programming interface).”
The privacy commissioner’s office said it was contacting the social media platform to remind it that if there were any breaches, Clubhouse should “notify the affected users as soon as possible to mitigate the risks arising from the incident”.
The Clubhouse scare came days after reports that the personal data of 500 million users of Facebook and Linkedln each were extracted and posted online for sale.
Affected user-related information included user ID, name, photo URL, username, Twitter handle and Instagram handle, according to the CyberNews report.
The report said no “deeply sensitive data” such as credit card details had been found, but it warned that hackers could still combine information found in the data with other data breaches to create detailed profiles of potential victims.
Privacy Commissioner Ada Chung Lai-ling appealed to Clubhouse users to be vigilant about potential theft of personal data, and advised them to change passwords, and beware of any unusual logins on social media accounts and personal emails.
Francis Fong Po-kiu, honorary president of the Hong Kong Information Technology Federation, urged social media platforms to upgrade their security mechanisms.
“If it is data scraping, there is little we can do,” he said. “But if the security issues are at the server level, those big companies should be responsible. Otherwise, no matter how much users step up privacy protection, it is of no use.”
Fong, also a Clubhouse user, said on Sunday he had not received any notification from the firm about the scraping.
He said previously internet scrapers were using software to extract publicly viewable personal data for their own purposes. Some social media companies might not consider scraping to be a leak or security issue, he said.
Amid the data leak scare, Clubhouse users were advised to avoid suspicious messages and connection requests from strangers. They were also told they could reset the password of their accounts. Enabling a two-factor authentication system is also one of the ways to keep cybercriminals at bay.
Launched a year ago, Clubhouse was reported to have about 13.4 million users across the world in late March.
It focuses on live audio and candid conversations, and its popularity rose after Tesla founder Elon Musk, Facebook’s Mark Zuckerberg and singer Drake joined it.
A conservative is a man with two perfectly good legs who, however, has never learned how to walk forward.