Private social app Clubhouse allows users to engage in informal conversations. The invite-only iOS application is used by Elon Musk with Facebook also looking to clone the chat service. However, concerns were raised around Clubhouse a couple of weeks ago with the Stanford Internet Observatory (SIO) citing numerous potential security weaknesses in the service. Today, Clubhouse has confirmed a security breach and placed new safeguards to prevent similar incidents in the future.
This situation feeds into the security concerns raised by the SIO a few days ago. One of these was Clubhouse user and chatroom IDs were being transmitted over the internet in plaintext instead of being encrypted.
Furthermore, SIO also revealed that the backend of the platform is handled by a Shanghai-based startup called Agora Inc. The Chinese company states that it "temporarily" stores raw audio data for processing in its servers but it is currently unknown how long this time period is and where the servers are situated. In a statement to The Verge, the firm confirmed that it does not route traffic produced by non-Chinese users through China. However, Agora declined to go into details about the security mechanisms and protocols in place to prevent security breaches, such as the one that took place over the weekend.