Clubhouse announced that they had a security breach and took measures against it.Recently, popular social network application Clubhouse allows users to participate in various conversations.

The iOS application, which can only be included by invitation, has reached 8 million downloads recently. On the other hand, a few weeks ago the Stanford Internet Observatory (SIO) pointed to numerous potential security weaknesses in the service. Now, Clubhouse has confirmed that they have experienced a security breach and announced that they have taken new measures to avoid similar incidents in the future.

In a statement given to Bloomberg by a Clubhouse spokesperson, it was stated that a user can receive live audio from more than one private room and broadcast it on the website. It is stated that this weekend incident was possible thanks to a system that used the same JavaScript toolkit used to compile the attacker’s Clubhouse application. While the identity of the attacker is not disclosed, it is emphasized that this user is permanently blocked from the application. Of course, this development confirmed the security concerns that SIO had raised a few days ago. One of them was that Clubhouse user and chat room identities were transmitted in plain text instead of being encrypted over the internet.

SIO is the Shanghai-based Agora Inc. of the backend of the Clubhouse. He also shared that it was managed by an initiative named. The Chinese company says it “temporarily” stores raw audio data on its servers for processing, but it has not elaborated on how long this process is. Additionally, Agora Inc. It does not share details about the security mechanisms and protocols it has put into effect to prevent security breaches.

LEAVE A REPLY

Please enter your comment!
Please enter your name here