Clubhouse users should assume they're being recorded, a data-privacy expert said, following a breach that sent conversations to another website
- Clubhouse users should not assume conversations are private, a cybersecurity expert told Bloomberg.
- Over the weekend, the app was breached by an unknown user who streamed audio feeds to an external website.
- This came just a week after the app said it was working to protect user data from hackers.
People participating in discussions on the audio-chatroom app Clubhouse should assume they are being recorded, data-privacy expert Alex Stamos told Bloomberg.
Over the weekend - nearly a week after the app said it was working to protect user data from hackers - cybersecurity experts learned that a user was remotely sharing login information, pulling audio and metadata from Clubhouse to an external site.
The unidentified user streamed Clubhouse audio feeds from "multiple rooms" into their own third-party website, a Clubhouse spokesperson told the publication.
The company has permanently banned the user, it added.
"Clubhouse cannot provide any privacy promises for conversations held anywhere around the world," Stamos, director of the Stanford Internet Observatory (SIO) and former Facebook security chief, told Bloomberg.
Insider contacted Clubhouse for comment, but did not receive a response in time for publication.
On February 12, the SIO released a report into the invite-only app which said user data may be accessible to China's government. In response, Clubhouse said it would review its policies and roll out added encryption in the next "72 hours." It also said it plans to hire an external data security firm to review these changes.
SIO researchers said they found some of Clubhouse's back-end infrastructure, including its audio production and data traffic processing, had been provided by Agora, a Shanghai-based startup with an office in Silicon Valley. Some of this data was being transmitted without encryption.
"Agora would likely have access to users' raw audio, potentially providing access to the Chinese government," the researcher said, and cited an SEC filing in which Agora said it was required to aid the Chinese government in national security and criminal investigations. Conversations about the Tiananmen protests, Xinjiang camps, or Hong Kong protests could qualify as criminal activity, the SIO said.
Agora told Bloomberg it couldn't comment on Clubhouse's security or privacy protocols, but said it was "committed to making our products as secure as we can."
A researcher at the SIO, Jack Cable, told Bloomberg that Clubhouse will likely look into restricting the rooms a user can enter at once, as well as the use of third-party applications in the chatrooms in order to prevent future data breaches.
Clubhouse users have live streamed and shared conversations on outside platforms in the past. In January, viewers hit the app's 5,000 guests per room limit when Tesla CEO
Weeks later, an appearance by Facebook CEO Mark Zuckerberg on the same Clubhouse show caused the app to crash for some users.
The invite-only app has continued to garner public interest since it was created less than a year ago as a way to promote free speech and dynamic conversations online. In the past few months, celebrities, including Paris Hilton, Oprah Winfrey, and Mark Cuban, have flocked to the application.
In January, the app backed by Andreessen Horowitz received a $1 billion valuation.
Clubhouse operates as a real-time, audio-only application that allows users to go into individual "rooms" and discuss anything from politics to social justice and pop culture.
The app is currently in beta mode, but in February, Clubhouse CEO Paul Davison told CNBC he plans to open the audio app to all users as soon as possible.