Connect with us

NEWS

Clubhouse “Leak” Might Be a Simple Data Scrape

Published

on

Clubhouse “Leak” Might Be a Simple Data Scrape

A data leak of Clubhouse member information has been reported. The information consists of publicly available data and does not consist of sensitive information like passwords. The so-called leak may actually be just a scrape of publicly available information.

Data Leak

A data leak is generally described as a breach that exposes private, confidential and sensitive information. The data leak typically happens because of a security lapse that compromises hidden information.

According to reports about the so-called data leak, all of the information that was obtained is not sensitive and is publicly available.

Report of Clubhouse “Data Leak”

A report in Cybernews.com states that there has been a data leak at Clubhouse, a popular social media app that is available to Apple users only.

According to the Cybernews report:

“…it looks like now it’s Clubhouse’s turn. The upstart platform seems to have experienced the same fate, with an SQL database containing 1.3 million Clubhouse user records leaked for free on a popular hacker forum.”

Was Confidential Information Leaked?

The so-called data leak does not seem to feature any confidential information. All of the information appears to be publicly available data that does not require a hack to obtain.

This is the list of the kind of (publicly available) data that Cybernews reported was leaked:

  • “User ID
  • Name
  • Photo URL
  • Username
  • Twitter handle
  • Instagram handle
  • Number of followers
  • Number of people followed by the user
  • Account creation date
  • Invited by user profile name”

Possibly Not a Data Leak

Security researcher and technology blogger Jane Manchun Wong (@wongmjane) questioned whether this was a leak at all. She suggested that it resembles a simple automated download of public information.

Jane Manchun Wong is a technology blogger and security analyst who frequently posts breaking news related to the technology industry and has been profiled on top media sites like CNN, CNET and The Next Web. She’s been awarded four times by the Facebook Bug Bounty program for discovering vulnerabilities.

Advertisement

Jane tweeted that the Clubhouse leak appears to be a data scrape of publicly available information.

A scrape is when a software is able to download public information from a website, like member information or even just the content. It’s like an automated browser that downloads public information.

In this case the scraper was able to download public user information one by one. What made this scraping possible was apparently Clubhouse creates and stores user information in numerical order.

Every time a user creates an account they’re assigned a user number that corresponds to them. The next person to register is assigned a number that is one digit higher. Someone who wants to download user information can easily guess what the member numbers are and use a software called a scraper to download the public information.

Because the member numbers are in numerical order the scraper can simply look up each account number one by one and download the public member information.

This is how Jane describes it in a tweet:

“Not seeing any private info in this “leaked data” of Clubhouse

The user IDs are numerical. So it just seems like someone scraped the data by hitting Clubhouse’s private API, iterating from user ID 1 to beyond”

Jane remarked on how this lacked the technical sophistication of actual hacks:

Advertisement

“Honestly this “hack” is not very impressive at all. Like wow, you looped the API from 1 to 2 to 3 for the otherwise publicly available data. Wow, very technically challenging”

Jane added quotes to the phrases “leaked data” and “hack” presumably to call into question the validity of calling this a “leak” and a “hack.”

A data leak consists of private and sensitive data, not public data that is available to anyone.

She followed up with this tweet

“Data of 1 Clubhouse profile, including name, social media handles, profile picture, followers/following count, and more, apparently posted on Twitter

The source of this leak told me this is done by opening Clubhouse app, viewing the profile of the victim, and taking a screenshot”

Twitter members who were following Jane’s discussion tweeted satirical responses indicating how underwhelmed they were by the so-called “hack” of publicly available content:

Others questioned how it’s a big deal to download public information:

Why This May Not be a Data Leak of Clubhouse

None of the information is private or sensitive. All of the information is publicly available. The method used to obtain the information appears to not have been due to a security lapse. According to security researcher Jane Manchun Wong this appears to be a relatively unsophisticated download of publicly available information.

Citations

Jane Manchun Wong Explains Clubhouse “Leak” on Twitter

Clubhouse Data Leak: 1.3 Million User Records Leaked Online for Free

Searchenginejournal.com

Advertisement

NEWS

Google December Product Reviews Update Affects More Than English Language Sites? via @sejournal, @martinibuster

Published

on

Google’s Product Reviews update was announced to be rolling out to the English language. No mention was made as to if or when it would roll out to other languages. Mueller answered a question as to whether it is rolling out to other languages.

Google December 2021 Product Reviews Update

On December 1, 2021, Google announced on Twitter that a Product Review update would be rolling out that would focus on English language web pages.

The focus of the update was for improving the quality of reviews shown in Google search, specifically targeting review sites.

A Googler tweeted a description of the kinds of sites that would be targeted for demotion in the search rankings:

“Mainly relevant to sites that post articles reviewing products.

Think of sites like “best TVs under $200″.com.

Goal is to improve the quality and usefulness of reviews we show users.”

Advertisement

Advertisement

Continue Reading Below

Google also published a blog post with more guidance on the product review update that introduced two new best practices that Google’s algorithm would be looking for.

The first best practice was a requirement of evidence that a product was actually handled and reviewed.

The second best practice was to provide links to more than one place that a user could purchase the product.

The Twitter announcement stated that it was rolling out to English language websites. The blog post did not mention what languages it was rolling out to nor did the blog post specify that the product review update was limited to the English language.

Google’s Mueller Thinking About Product Reviews Update

Screenshot of Google's John Mueller trying to recall if December Product Review Update affects more than the English language

Screenshot of Google's John Mueller trying to recall if December Product Review Update affects more than the English language

Product Review Update Targets More Languages?

The person asking the question was rightly under the impression that the product review update only affected English language search results.

Advertisement

Advertisement

Continue Reading Below

But he asserted that he was seeing search volatility in the German language that appears to be related to Google’s December 2021 Product Review Update.

This is his question:

“I was seeing some movements in German search as well.

So I was wondering if there could also be an effect on websites in other languages by this product reviews update… because we had lots of movement and volatility in the last weeks.

…My question is, is it possible that the product reviews update affects other sites as well?”

John Mueller answered:

“I don’t know… like other languages?

My assumption was this was global and and across all languages.

But I don’t know what we announced in the blog post specifically.

Advertisement

But usually we try to push the engineering team to make a decision on that so that we can document it properly in the blog post.

I don’t know if that happened with the product reviews update. I don’t recall the complete blog post.

But it’s… from my point of view it seems like something that we could be doing in multiple languages and wouldn’t be tied to English.

And even if it were English initially, it feels like something that is relevant across the board, and we should try to find ways to roll that out to other languages over time as well.

So I’m not particularly surprised that you see changes in Germany.

But I also don’t know what we actually announced with regards to the locations and languages that are involved.”

Does Product Reviews Update Affect More Languages?

While the tweeted announcement specified that the product reviews update was limited to the English language the official blog post did not mention any such limitations.

Google’s John Mueller offered his opinion that the product reviews update is something that Google could do in multiple languages.

Advertisement

One must wonder if the tweet was meant to communicate that the update was rolling out first in English and subsequently to other languages.

It’s unclear if the product reviews update was rolled out globally to more languages. Hopefully Google will clarify this soon.

Citations

Google Blog Post About Product Reviews Update

Product reviews update and your site

Google’s New Product Reviews Guidelines

Write high quality product reviews

John Mueller Discusses If Product Reviews Update Is Global

Watch Mueller answer the question at the 14:00 Minute Mark

[embedded content]

Searchenginejournal.com

Continue Reading




DON'T MISS ANY IMPORTANT NEWS!
Subscribe To our Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

Trending

en_USEnglish