3.8 Billion Clubhouse and Facebook User Accounts for Sale

It seems we can’t go a week without hearing about another data breach or leak of exposed information on the dark web. For example, Security Affairs reported last week that a hacker is selling 3.8 billion Clubhouse and Facebook user accounts.

What Happened?

A hacker on a popular dark web forum claims he has a massive database (3.8 billion records) scraped from Facebook and Clubhouse, and he is selling them to the highest bidder.

Initially reported by Cyber News, the database was

“allegedly compiled by combining 3.8 billion phone numbers from a previously scraped Clubhouse ‘secret database’ with users’ Facebook profiles.”

The hacker claims to have usernames, phone numbers, and other personal details. He is asking $100,000 for the entire database but is also willing to split it into smaller pieces for multiple buyers. The treasure trove also includes profile data for users who do not have Clubhouse accounts because the service insists that users share their contact lists with the platform.

Security researchers have not yet verified the data to confirm that it is legitimate.

Clubhouse Privacy Issues

The incident is not the first privacy issue for Clubhouse. Recently 1.3 million users’ data was scraped from the platform. However, because threat actors were only offering up phone numbers from the breach, it held no value.

However, if hackers have paired these phone numbers with other data found on the dark web, it could be a hacker’s dream. The combined information would be very useful in dozens of different types of scams. If the combined data includes profile information, hackers will have plenty of ammunition to wage many different types of fraud. Users would be very vulnerable to phishing campaigns, malware attacks, and even phone scams.

Any time cybercriminals acquire social media information, it poses a real threat. Unfortunately, most people overshare on social media giving thieves a lot of insight into their personalities and essentially making it easy to personalize scams and target specific groups of people based on their preferences, hobbies, and other personality traits.

What Can Users Do?

Cyber News has set up a personal data leak checker that victims can use to see if their information shows up in the breach. It contains more than 15+ billion records.

So far, the hacker selling the information has not had any buyers. However, that doesn’t mean that as a Facebook or Clubhouse user, you are safe. Some of the biggest dangers users face from this breach are phishing emails, spam calls, and brute-force attacks on their accounts.

To stay safe, users should follow these tips below:

• Beware of any strange emails that appear to come from Clubhouse or Facebook.
• Be very careful about new connection requests within Facebook.
• Change your Clubhouse and Facebook account passwords to something very long and strong.
• Enable two-factor authentication on all your accounts.
• Use the personal data leak checker to verify your information is out there.
• Never click links in emails or text messages from strangers.
• Verify the sender’s address of every email before taking any action.
• Watch out for social engineering tactics on social media and through email. 
• Educate yourself on the various types of cyberattacks and learn how to mitigate them.
• Report any abuse to the Federal Trade Commission (FTC).

Although this particular data breach doesn’t include details that could be used for identity theft, it does give hackers enough information to try to trick you out of additional details. The best defense is awareness and common sense. If something sounds too good to be true, it probably is.