Clubhouse promises fix after audio insecurely streamed from third-party website

Company says the user has been permanently banned

Clubhouse has confirmed one of its users was able to siphon off audio feeds from the invitation-only app and make them accessible from a third-party website, raising security concerns about the fledgling service. A Clubhouse spokesperson told Bloomberg that “multiple rooms” were affected, and that the user behind the breach had been “permanently banned.” It said “safeguards” have been put in place to prevent a repeat, though it reportedly declined to provide specific details.

The incident is a reminder for Clubhouse users to be careful about sharing sensitive information in conversations held via the invite-only iOS app. This is especially important for any Chinese citizens or dissidents using the app, or any users concerned about state surveillance. Although Clubhouse is blocked in China, users are reportedly still able to access the service via VPNs.

This latest security incident comes a week after Clubhouse was criticized for vulnerabilities in its infrastructure. A report from the Stanford Internet Observatory found that users’ unique Clubhouse ID numbers and chatroom IDs were transmitted in plaintext, which could theoretically allow an outside observer to work out who’s talking to who on the app. Clubhouse also uses Shanghai-based Agora Inc. for its back-end infrastructure. As a Chinese company, Agora has a legal obligation to assist Chinese authorities in locating the source of audio if it’s deemed to pose a national security risk, the SIO said.

In response to last week’s report, Clubhouse said it plans to add additional encryption and blocks to prevent the service from pinging servers based in China, and that it would be hiring an external security firm to review the updates. Agora told the SIO that it only stores user audio or metadata when required for billing and network monitoring purposes. In a statement to The Verge, Agora said it “does not have access to, share, or store personally identifiable end-user data,” and that it does not route “voice or video traffic from non-China based users” through China.
