Clubhouse denies data breach

Clubhouse is a social audio app for iOS and Android, where users can communicate in voice chat rooms that host groups of thousands of people.

On July 24, 2021, leading cybersecurity expert Jiten Jain wrote on Twitter that a database of 3.8 billion phone numbers (cellphone, fixed, private, and professional numbers) of Clubhouse users was up for sale on the Darknet. The screenshot in the tweet claimed that “Clubhouse is connected in real time to all their users’ phonebooks meaning each time you add a new phone number in your phonebook, the number is automatically added into the secret database of Clubhouse. Each number is ranked by a score (the score corresponds to the number of Clubhouse users who have this specific phone number in their phonebook). With this score we are able to evaluate the level of network of each phone number in the world”.

In response, Clubhouse denied these claims, and said: “There has been no breach of Clubhouse. There are a series of bots generating billions of random phone numbers. In the event that one of these random numbers happens to exist on our platform due to mathematical coincidence, Clubhouse’s API returns no user-identifiable information. Privacy and security are of the utmost importance to Clubhouse and we continue to invest in industry-leading security practices.”

Several security experts have rejected the hacker’s claims. Security researcher Rajshekhar Rajaharia said that the list of phone numbers can be generated very easily and that the data leak claim appears fake.


ENISA publishes Cybersecurity guide for SMEs

ENISA, the European Union Agency for Cybersecurity, published a guide for small and medium-sized enterprises (SMEs), containing 12 practical, high-level steps on how to better secure their systems and their business.

The 12 recommendations are:

  • Develop good cybersecurity culture
  • Provide appropriate training
  • Ensure effective third-party management
  • Develop an incident response plan
  • Secure access to systems
  • Secure devices
  • Secure your network
  • Improve physical security
  • Secure backups
  • Engage (securely!) with the cloud
  • Secure online sites
  • Seek and share information


700 million records of LinkedIn users leaked online

Popular online employment platform LinkedIn has been the victim of what’s called a data-scraping attack. Data scraping occurs when a computer program extracts data from a web site.

As a result of the data scraping of LinkedIn, security experts say the information of 700 million users, or about 92 percent of LinkedIn users, has been posted for sale on the dark web.

The exposed records include email addresses, full names, phone numbers, physical addresses, geolocation records, LinkedIn usernames and profile URLs, personal and professional experience/background, genders, and other social media accounts and usernames. Passwords are not included in the archive, but security experts warn there’s enough information out there for criminals to create a fake identity of a person.

There are several ways you can protect yourself from identity theft, including making sure you have secure passwords on all your devices and using two-factor authentication where it’s offered, among other tips.
