3.8 billion user records is up for sale on Darknet

Earlier scraped Clubhouse database is now again up for sale with Facebook profiles this time. It seems the previous offer had no interest in potential buyers.

Is such a leak new?

Some argue whether this post can be legit given the fact that a similar offer was made before but without Facebook profiles. That post, not this one, was made soon after the July 24 scrape of the social audio app. Jiten Jain — cyber security specialist tweeted about the previous incident in the Clubhouse data breach. 3.8 billion phone numbers of users along with numbers from contact lists were put on sale but the seller had no chance to make any profit from it judging by the renewed attempt.

And recently the post was published where a 3.8 billion database in a bundle with the Facebook profile for $100,000 was offered. It also says that the seller is ready to split up the archive for potential buyers. The compilation appears to have names, phone numbers, and other data. While no one can for sure test the authenticity of the said post, some cyber security specialists add that the possibility of the Facebook profiles having been combined with other leaks is doubtful.¹

It’s not the first time Clubhouse social app gets under the spotlight. This year 1.3 million Clubhouse profiles have been shared online and were released on a famous hacker forum. Cyber security specialists point out that the app allows literally anyone to have access to private user information. In their defense company behind this app argued that they don’t see anything too critical and that this kind of information that was shared online anyone can have access to. ²

Why data leaks are dangerous?

In any case, if the sale post is real, then it would be like a Gold Eldorado for different kinds of scammers. They could get access to more personalized user data. It means scammers will be able to run more localized mass campaigns and target victims with more personalized scams.

“People tend to overshare information on social media. This could give insights for scammers on what vector to employ to run their scams successfully by, for example, calling people with the information they learned from their Facebook account,” Mantas Sasnauskas, CyberNews senior information security researcher.

If you fear your personal data might be involved, then consider the following precaution measures:

• Change the password of your Facebook and Clubhouse accounts.
• Beware of suspicious Facebook messages and connection requests from strangers.
• Use a password manager to make strong passwords and keep them safely.
• Switch on two-factor authentication (2FA) on all your online accounts.
• Beware of potential phishing emails and other suspicious text messages. Don`t respond to them or click.

1. About Clubhouse vulnerabilities
2. Cybernews report on the 3.8 million profiles leakage.