«
»

Video call app Huddle01 exposes user IPs, emails tied to crypto wallet addresses

The Cybernews research team has recently discovered that a decentralized video call app, Huddle01, was leaking real-time user logs through an exposed instance of Kafka Broker. No authentication, no encryption, or other access controls were used to protect the data, meaning that any third party could access it.

The exposed data included:

  • Usernames (sometimes real names);
  • Email addresses;
  • Crypto wallet addresses (Huddle01 supports a wide array of wallets that operate on different blockchains (Bitcoin, Ethereum, etc.);
  • Detailed activity data: which users joined specific calls, participants in each call, country, time, date, duration of the calls, etc.
  • Other identifiers.

The leak was discovered on August 26th, 2025. Cybernews responsibly disclosed the data leak to the company. However, it did not respond to the initial disclosure and subsequent attempts. After one month, the exposed server remained accessible. It’s unclear how many other third parties might have accessed the data.

For more information on this, here’s the full report:

https://cybernews.com/security/video-call-app-huddle01-leaks-sensitive-user-data

This entry was posted on October 15, 2025 at 12:45 pm and is filed under Commentary with tags . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Video call app Huddle01 exposes user IPs, emails tied to crypto wallet addresses”

  1. Huddle01’s Misconfigured Server Leaves Sensitive Data Exposed Says:
    October 16, 2025 at 5:08 am

    […] newly discovered data exposure in the decentralized video-calling platform Huddle01 has left sensitive user information visible online, potentially linking email addresses, crypto […]

    Reply

Leave a Reply

Discover more from The IT Nerd

Subscribe now to keep reading and get access to the full archive.

Continue reading