A gigantic database of combined information from Clubhouse and Facebook users is for sale on cybercriminal forums. As reported by the Cybernews, on Thursday (23), the leak could affect 3.8 billion phone numbers of platform users and their contacts.

The package offered for $100,000, equivalent to R$537,000 at today’s quote, includes names, phone numbers, Clubhouse ratings and links to Facebook profiles. It arose from other major leaks whose information was combined.

In July, a breach of the audio chat app’s servers resulted in the exposure of 3.8 billion phone numbers, allegedly belonging to the service’s users and contacts included in their calendars. The file was offered for sale at the time, but did not attract interested parties.

The package is for sale on cybercriminal forums.Source: CyberNews/Reproduction

Therefore, cybercriminals decided to cross the data extracted in this campaign with the information leaked in April of 533 million profiles of the social network of Mark Zuckerberg. The result was the creation of a much more complete and attractive list.

Account control and smishing attacks

With the new build born from the mix of leaked data from Clubhouse and Facebook, the information can be used in different ways, such as to fuel account control attacks. In this method, cybercriminals hack into accounts looking for any information that can be monetized.

Through these campaigns, they can steal credit card numbers and verification codes stored in the profile, for example, to make fraudulent purchases or sell the data.

The leaked information is also useful for carrying out smishing attacks. The technique consists of phishing attempts via SMS, sending false messages to contacts with stolen numbers, posing as financial institutions or companies in other industries, inducing the recipient to click on a malicious link.