Skurio comment on Clubhouse data leak/scraping
April 2021 by Jeremy Hendy, CEO at Skurio
Following the news of Clubhouse data being leaked to an online hacking forum, Jeremy Hendy, CEO of Skurio, comments:
“APIs (application programming interfaces) can be used to extract data en masse unless security controls are applied to prevent unauthorised access. These interfaces should always be created in line with the company’s data privacy policy and data protection regulations that apply to them. Users agree to an application’s privacy terms by signing up for the service. So, in the case of Clubhouse, users have agreed to their data being collected and shared by the company. Most people, however, don’t read these policies before signing up.
A major reason for the introduction of GDPR was to address this specific issue. Stopping businesses from collecting unnecessary data and sharing it gives European and currently UK citizens confidence that their private details are not being misused.
Although sensitive information such as banking details and passwords was not included in this leak, the data could be beneficial for a threat actor when researching a target business or individual. Where corporate email accounts have been linked with private social media identities – or vice-versa – this information could be exploited when combined with other data breaches or research. Businesses can understand if commingling of personal and corporate profiles is occurring by using a data monitoring solution to provide data breach detection. Organisations must use this opportunity to review and refresh their policies on the use of business emails for personal accounts.”