As much as I'd like to see Clubhouse fail it's a bit ridiculous the media is running with a "leak" of user data... It's all public profile stuff
@Gargron it's still a db hack lol
@stux It's not, actually
@Gargron so free open to download from their platform? link pl0x?
@stux If my understanding is correct, if you have an API token (which you can intercept from the app on your phone) you can use their search API to iterate over all users
@Gargron Hmm, that "should be" restricted right? if then it would be indeed just a "simple download" lol
@stux You could argue that there should be an upper limit of results returned by search and rate limits to slow down scraping of data but ultimately I don't see anything that would classify it as unauthorized access at all. All the information obtained is something you would see by visiting each user's profile.

@Gargron damn.. Still a big error from their side I think. It's indeed public info but now it's in such a way easily searchable and packed for attackers so to say

I don't mind if my email is "leaked" as is but when more info is added I get more and more spooked

Eugen, the API has been completely reverse engineered, long ago. Enough to log in from scratch, you don't even need to extract the token from the actual app. Yes, they do ban accounts that exhibit unusual behavior or make too many requests over short time periods. For that matter, they banned some of the accounts made through that Android app of mine.

Yes it's public stuff and public stuff only. I don't see why it's worthy of any excitement.