It seems to be the ‘in’ thing at the moment: 1: user data from a social platform shows up somewhere unsavoury online. 2: staff at that social platform rush to explain that it’s really not that big a deal and people shouldn’t worry about it.
We saw this play out with Facebook
last week, and this week it was Clubhouse’s turn, as 1.3 million users’ names, usernames, Twitter and Instagram handles, and follower counts showed up on a hacker forum.
As the Verge explained, Clubhouse co-founder Paul Davison was very keen to play the news down when asked if the platform had been hacked:
Davison said in response to a question during a town hall that the platform had not suffered a data breach. “No, This is misleading and false, it is a clickbait article, we were not hacked. The data referred to was all public profile information from our app. So the answer to that is a definitive ‘no.’”
He’s right, it is information any Clubhouse user can access by visiting users’ public profiles in the app. This stuff isn’t secret. But the way Clubhouse communicated about the incident demonstrates a lack of understanding of the issues beyond any threat to the company’s own reputation.
Like Facebook with its ‘this is old news’ response (see last week’s newsletter
), Davison’s response (as quoted by the Verge) fails to show any empathy with the people whose data was taken from Clubhouse (where they intended to share it) and placed on a hacker forum (where they presumably would absolutely not want it showing up).
Tech companies may not be able to stop this ‘scraping’ of data outright, but the least they could do is show some understanding that many users won’t be happy that data they entrusted to one company has ended being hijacked by someone else.
I’m pretty sure this won’t be the last time we’ll see user data scraping in the news. Just because it’s not hacking into a company’s servers, doesn’t mean it’s harmless for users.