Watch out - your Facebook or Clubhouse details could have been leaked online

Image of padlock against circuit board/cybersecurity background
(Image credit: Future)

Billions of user records, including Facebook account details, have been leaked and put on sale on a popular hacker forum, experts have warned.

Analysts at CyberNews say that the database appears to include names, phone numbers, and other personally identifiable information (PII).

The database has allegedly been compiled by combining 3.8 billion phone numbers from a previously scraped Clubhouse database, with the owner’s Facebook profiles, making it valuable to scammers.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

If genuine, the database “could serve as a goldmine for scammers,” opines CyberNews’ senior information security researcher Mantas Sasnauskas. 

Bonanza for scammers 

According to CyberNews, the compilation is an upgrade to an original scrape from breached Clubhouse servers, which only contained the phone numbers of Clubhouse users and people from their phone contact lists.

While the original list wasn’t of much use to scammers, the addition of the users’ Facebook profiles brings a lot more contextual information about the owners of the phone numbers, including usernames, locations based on phone number suffixes, their Clubhouse network sizes, and Facebook profiles, suggests Sasnauskas.

He goes on to explain that if the database is indeed genuine, the data can be used by threat actors to devise all kinds of malicious campaigns. For instance, attackers could use the info to brute force the passwords of the affected users, or perhaps even conduct targeted phishing and social engineering campaigns. 

The poster is reportedly asking $100,000 for the full database of 3.8 billion entries, but is open to the idea of selling the data in piecemeal fashion.

Update: Clubhouse responded to our coverage with the following statement:

"There has been no breach of Clubhouse. There are a series of bots generating billions of random phone numbers.  In the event that one of these random numbers happens to exist on our platform due to mathematical coincidence, Clubhouse’s API returns no user identifiable information.  Privacy and security are of the utmost importance to Clubhouse and we continue to invest in industry-leading security practices."

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.