An unidentified user was able to transmit the audio streams from Club House this weekend from “multiple rooms” to a third party website, As reported Bloomberg. This information was confirmed by Reema Bahnasy, Clubhouse spokesperson.
The company assured that, after this incident, that user was “permanently banned” from the application. In addition, the service implemented new security measures to prevent this situation from repeating.
The rooms are usually divided into two groups: those who speak and those who listen. Additionally, a moderator monitors conversations and has the ability to accept or reject users. In addition to the topics in which the “clubs” are ordered, two or more users can join together to create their own chat room.
The platform relies on a Shanghai-based startup called Agora Inc. to handle much of its back-end operations. While the app is responsible for its user experience, such as adding new friends and finding rooms, the social network relies on the Chinese company to process its data traffic and audio production, according to Alex Stamos, director of the SIO and former head of security of Facebook Inc, in the published article.
It should be remembered that researchers from the Internet Observatory of Stanford University (California, USA) a few days ago concluded that the Chinese Government could access the data of the users of the platform, including raw audio material, due to the application’s data protection practices.
Agora, for its part, assured that it does not “store or share personally identifiable information” of any of its customers. “We are committed to making our products as secure as possible,” said the company.
It is not the first incident that this application has suffered. Last week, a developer outside the company designed an open source app that allowed Android users to access the platform without the need for an invitation. so anyone can listen to audio files, as reported by the site Silicon Angle.
Other security concerns related to the service are mentioned in that same article. Lourdes Turrecha, founder and CEO of privacy consultancy PIX LLC, wrote in Medium what the social network collects not only the personal information of its users, but also their contact details. In addition, Turrecha says that the platform also accesses the information of the users’ Twitter account without explaining why.
“Clubhouse is still in its infancy and, as with many applications, the privacy of its users is often an afterthought. Similar to when Zoom usage skyrocketed, the platform is experiencing great acceptance and learning as it progresses. Too often, the security and privacy of the startup user base is not seen as as important as the growth of the business. However, without adequate protection, it could be said that there is no longevity ”, analyzes Jake Moore, Security Specialist at Eset.