Clubhouse security breach

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Private social app Clubhouse allows users to engage in informal conversations. [..] concerns were raised around Clubhouse a couple of weeks ago with the Stanford Internet Observatory (SIO) citing numerous potential security weaknesses in the service. Today, Clubhouse has confirmed a security breach and placed new safeguards to prevent similar incidents in the future.

In a statement to Bloomberg, a Clubhouse spokesperson mentioned that a user was able to siphon live audio from multiple private rooms and stream them on their website. This incident, which took place over the weekend, was possible due to the attacker through a system utilizing the same JavaScript toolkit that is used to compile the Clubhouse application. While the identity of the involved party has not been disclosed, the spokesperson clarified that the user has been banned permanently from the app.

This situation feeds into the security concerns raised by the SIO a few days ago. One of these was Clubhouse user and chatroom IDs were being transmitted over the internet in plaintext instead of being encrypted.

Furthermore, SIO also revealed that the backend of the platform is handled by a Shanghai-based startup called Agora Inc. The Chinese company states that it "temporarily" stores raw audio data for processing in its servers but it is currently unknown how long this time period is and where the servers are situated. In a statement to The Verge, the firm confirmed that it does not route traffic produced by non-Chinese users through China. However, Agora declined to go into details about the security mechanisms and protocols in place to prevent security breaches, such as the one that took place over the weekend.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top