The rise of audio-based social networking app Clubhouse has sparked concerns about privacy violations, data leaks, unauthorised imitation apps, sales of invitations for app access as well as audio deep fakes, say cybersecurity experts.
Reports from the BBC and Bloomberg show a user found a way to stream feeds from multiple chatrooms on the app, which flouted the platform's policy.
"There are potential cyber-risks and privacy concerns with the use of Clubhouse," said Prinya Hom-anek, a cybersecurity expert, at a recent virtual seminar on digital privacy organised by the Thailand Information Security Association.
To join the platform, people must be invited by existing users. Each member has a limit of two invitations. The app can only be downloaded via Apple's App Store now.
Mr Prinya said when people sign up for Clubhouse, the app can gain access to all the phone numbers of contacts from their devices. Whichever rooms users go in, others following them on the platform can learn this information.
He said there is also a risk of data leaks as someone in the room may record a conversation and publish it on other channels, such as YouTube.
"The EU found the app violates its General Data Protection Regulation," Mr Prinya said.
Meanwhile, Houseclub app has emerged on the Android system, which the developer said was created through reverse engineering Clubhouse. This unofficial app could pose a potential cyber-risk to users, he said.
Paiboon Amonpinyokeat, a managing partner of P&P law firm, said users on Clubhouse could be at risk of having their audio secretly recorded and edited by others who want to use it against them.
Clubhouse faces legal action in Germany for failing to comply with the data protection and consumer protection laws, he said.
Denis Legezo, security expert at Russia-based cybersecurity service provider Kaspersky, said there are two worrying issues about Clubhouse: the sale of invites and fake apps, which could lead to the exploitation of users.
Regarding fake apps, he said: "Attackers can distribute a malicious code under the guise of popular software, such as a fake version of Clubhouse for Android. A fake malicious app can do exactly what you allow it to do in the security settings of your Android -- to get a rough or accurate location of the device, record audio and video, or attain access to messengers".
According to Mr Legezo, there is also concern about malicious attempts to use high-quality recordings to train machine algorithms to create more sophisticated deep fakes.
Chanvith Iddhivadhana, Thailand country manager for cybersecurity firm Fortinet, said people should protect themselves online by engaging in safer practices. They should refrain from sharing identifiable personal information, such as real name, or information about where they live, he said.