Billions of user records, including Facebook account details, have been leaked and put on sale on a popular hacker forum, experts have warned.
Analysts at CyberNews say that the database appears to include names, phone numbers, and other personally identifiable information (PII).
The database has allegedly been compiled by combining 3.8 billion phone numbers from a previously scraped Clubhouse database with their owners’ Facebook profiles, making it valuable to scammers.
If genuine, the database “could serve as a goldmine for scammers,” opines CyberNews’ senior information security researcher Mantas Sasnauskas.
Bonanza for scammers
According to CyberNews, the compilation is an upgrade to an original scrape from breached Clubhouse servers, which only contained the phone numbers of Clubhouse users and people from their phone contact lists.
While the original list wasn’t of much use to scammers, the addition of the users’ Facebook profiles brings a lot more contextual information about the owners of the phone numbers, including usernames, locations based on phone number suffixes, their Clubhouse network sizes, and Facebook profiles, suggests Sasnauskas.
He goes on to explain that if the database is indeed genuine, the data can be used by threat actors to devise all kinds of malicious campaigns. For instance, attackers could use the info to brute force the passwords of the affected users, or perhaps even conduct targeted phishing and social engineering campaigns.
The poster is reportedly asking $100,000 for the full database of 3.8 billion entries, but is open to the idea of selling the data in piecemeal fashion.
Update: Clubhouse responded to our coverage with the following statement:
"There has been no breach of Clubhouse. There are a series of bots generating billions of random phone numbers. In the event that one of these random numbers happens to exist on our platform due to mathematical coincidence, Clubhouse’s API returns no user identifiable information. Privacy and security are of the utmost importance to Clubhouse and we continue to invest in industry-leading security practices."