The user was banned from the social network when the conversation was being broadcast from various chat rooms on his website.
The clubhouse social network confirmed that a user was able to stream the app’s content on their website.
The device, which has become fashionable in recent weeks, allows users to participate in public or private chat rooms in which only voice messages are possible. There is a promise that the content can only be followed live, at which time it is posted, and not recorded anywhere.
But US cyber security researchers said a user found a way to broadcast the app’s audio on Sunday.
The clubhouse confirmed the leak, which occurs when the information is released at a location that does not have authorization to access it.
A Empesa Disse in Bloomberg Which banned the user from the platform and set up new security settings to prevent interaction from being “leaked” again.
Through the note, those responsible for the social network told the BBC that the chat violates the terms and conditions of use of the recording or broadcasting app without the explicit permission of the participants.
One of the company’s spokespersons said: “Last weekend, a user temporarily broadcasted several chat rooms to a website. This person’s account has been permanently banned from service and additional security measures. So that other people are prevented from doing so in future. ” “
The Stanford University Internet Observatory in the United States reported the incident first-hand, but Club House Chief Technology Officer David Thiel said the data leak was not malicious.
Robert Potter, a cyberspace researcher who built the Washington Post’s cybersecurity operations center, agrees.
He explained that a “data leak” is different from a “data breech”. In the second case, hacking is done intentionally and usually by someone who attacks the system to steal valuable information.
A data leak is an incident in which confidential information is disclosed in an unauthorized environment.
According to Potter, the incident occurred because one person felt that it was possible to be in multiple chat rooms at the same time.
By understanding how the application’s mechanics worked, the user was then able to connect the clubhouse programming code to their website and essentially “remotely” share an audio chat with someone on the Internet.
“If the app becomes popular, people will do data-extracting third-party programming and services – as is already the case, for example, with multiple programs receiving information via Twitter,” Potter told the BBC told.
Last Sunday’s incident came after the clubhouse announced that user data could not be stolen by state-sponsored cyber criminals or hackers in response to an alert issued by Stanford University’s Internet Observatory.
The institute is headed by former Facebook security leader Alex Stamos.
Researchers at Stanford discovered several security holes, including the fact that users’ unique identification numbers and chat room codes were being transmitted in plain text, which would allow different types of manipulation.
Experts were also concerned that the Chinese government could gain access to raw audio files on the clubhouse’s servers, as its infrastructure was provided by a real-time engagement company called Agora, with offices in Shanghai (China) and San Francisco ( United States). .
When Agora became a public company and went on to sell shares on the stock exchange in July 2020, reports from the United States Securities and Exchange Commission (SEC) indicated that aid and assistance provided under the law for public safety It will be necessary to do. And national security officials to protect national security or assist in criminal investigations, “because of the company’s relationship with China.
Stanford experts informed the club house of the flaws and announced on 12 February that they were working with the company responsible for the application to improve their security.
“Almost” public chat
Although it is surprising to hear that audio conversations in the club house can be removed from the app, but this is not a completely new fact.
Many users are already using audio recording or screen capture functions of their devices, such as Elon Musk and Kevin Hart, to record conversations with celebrities, and then upload them to YouTube.
Again, this goes against the app’s terms of service, but means that no one should expect their conversation to be truly private, warns Thiel.
He said, consider the clubhouse chat to be semi-public due to problems with Agora and the fact that we all have microphones on cell phones.
Potter believes the problem lies in the fact that the clubhouse is still a young and immature service.
“There are a lot of users who were really excited because it’s a new thing and because you need an invitation to participate,” he says.
“The same phenomenon happened with Zoom and TickTalk. We again see an application that achieves a very high growth, goes viral and immediately sees privacy issues or when the platform is found to be small Bugs were not so important. Cyberspace comes later. “
Potter said consumers should be realistic about services like clubhouses with their data.
“People should realize that the privacy and cyber security of new social media platforms will not be good like other mature networks,” he compares.
“If you’re one of the first people to adopt and try out new apps and new smartphones, the bugs will always be visible,” he says.
Have you seen our new videos YoutubeThe Subscribe to our channel!