Audio-chat social network app Clubhouse is experiencing further security woes after it was revealed that an attacker was stealing live audio data from the platform. The revelation raises serious privacy concerns for users of the invitation-only app, which has seen its valuation skyrocket in recent months.
Researchers at the Stanford Internet Observatory (SIO) had recently identified a number of security issues affecting the platform, including the transmission of personally identifiable information such as a user’s unique Clubhouse ID number and chatroom ID in plaintext. In response, Clubhouse insisted that it was introducing safeguards to ensure user data couldn’t be stolen by malicious actors – a promise which may not be worth as much as initially thought.
It has now been reported that an unidentified user has been able to stream audio from multiple Clubhouse rooms into their third-party website. The individual concerned has been permanently banned and, once again, Clubhouse claims that new security measures will prevent a repeat incident from taking place.
Join the club
Perhaps the most concerning element of Clubhouse’s surge in popularity is the fact that the app relies on the Shanghai-based start-up Agora for its back-end operations. Experts working for SIO believe that this means that any guarantees Clubhouse makes regarding data traffic and privacy commitments should be viewed skeptically.
Although a statement from Agora claimed that the company did not “store or share personally identifiable information” for any of its clients, the SIO believes that users should assume all their Clubhouse conversations are being recorded. This could be of particular concern for Chinese citizens using the app, given that the country has shown a proclivity for state surveillance in the past.
Although Clubhouse was only launched last year, the app has grown rapidly in popularity. In December, the platform had a valuation of just $100 million but by January 2021, this had reached $1 billion.
Via Bloomberg
Comments are closed.