What’s Next for the 3.8 Billion Entries in the Clubhouse-Facebook Database? Plenty of Social Engineering Attacks

What do you get when you combine a totally free set of 1.3 Billion phone numbers with data from millions of Facebook profiles? A massive dox database of users, now up for sale for $100,000.

The Clubhouse data breach earlier this year, while headline-worthy, came to little on its own: the exfiltrated phone numbers were simply posted on the Dark Web. But one enterprising hacker combined the Clubhouse data with several of the already famous Facebook breaches, along with other data sources, to create a 3.8 billion-strong database of accounts.

It’s been posted up for sale for $100,000 to any and all takers who believe they can do some effective mischief and malice with it.

There are a few ways this data can be used:

  • SMiShing Attacks – if threat actors have your phone number and name, they can use text messages to trick you into all kinds of badness: credential theft, fraud, malware, and more.
  • Account Takeover Attacks – with the Facebook account details and phone number, it’s possible to brute force account logins, or even perform SIM swapping against accounts that use SMS as their 2FA.
  • Social Engineering Attacks – I’ve seen successful attacks with less pertinent or valuable details over the years. Having your current phone number and Facebook logon is easily enough to trick users into giving up their credentials, credit card details, and more.

This latest sale of data raises a major red flag for organizations – with literally billions of users ripe for social engineering scams, this data set can easily be used to target executives, staff in the Finance department, and others, with the aim of infecting corporate endpoints, installing ransomware, and more.

Users should be warned against any kind of notification that either overtly is tied to Facebook or could remotely be associated with their Facebook account. Users that undergo continual Security Awareness Training should already be aware of this potential scam and be vigilant against it.

** Optrics Inc. is an Authorized KnowBe4 partner

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here’s how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry
Go Phishing Now!


Find out how affordable new-school security awareness training is for your organization. Get a quote now.

The original article can be found here:
