The exclusive, invitation-only iPhone app "Clubhouse" has been making a big splash on the Internet lately, but it is not without its problems. Security researchers have already identified a serious flaw in the app's security that has been exploited by unknown hackers.

One user was able to stream audio from a clubhouse room to his website. This user was subsequently banned, and the company has promised to strengthen its security measures to prevent this from happening again.

The hacker was discovered when a cybersecurity expert discovered that audio and metadata were being transferred from Clubhouse to another site. It was later discovered that the perpetrators had built a system around the JavaScript toolkit used to compile the Clubhouse application to achieve this. [According to Internet 2.0 CEO Robert Potter (via Bloomberg), "One user set up a way to remotely share his login with people around the world. [Clubhouse is currently an invite-only app for the iPhone, and you can't sign up for it the same way you can for Twitter or Facebook. Perhaps the hackers exploited an existing security hole as a way to let non-users hear conversations they normally would not have access to.

The security hole in question was recently discovered by the Stanford Internet Observatory (SIO), which found that personally identifiable information, including Clubhouse users and chat room IDs, was being sent in plain text, and that raw audio files They also discovered that it is possible to obtain.

Initially, this led to concerns about the involvement of Chinese startup Agora, on whose back-end systems the Clubhouse relied. If Agora owned Clubhouse's data, it would have to legally hand it over to the Chinese government if requested. This information was so damaging to its reputation that the clubhouse was forced to install a more robust system and promise that all data would remain on U.S. servers.

It is clear that the measures planned by the clubhouse were not sufficient or have not yet been implemented; according to SIO researcher Jack Cable, the clubhouse has declined to say what additional steps it has taken to avoid such breaches in the future.

Clubhouse was launched only last year, but only recently came to the public's attention when Elon Musk used it to interview Robinhood CEO Vlad Tenev. Since then, the Clubhouse's popularity has grown rapidly, but the invitation system has severely limited the number of people who can attend. Until the situation changes, we will have to wait patiently. Given the security hole that was discovered, it is probably a good thing that you can still participate.