Video meetings app Huddle01 leaking user data: emails, wallet addresses exposed

Published: 15 October 2025
Last updated: 29 October 2025
Huddle01 data leak

A video meetings app from the Huddle01 platform, aimed at decentralized Web Real-Time Communication (WebRTC), had promised its users more security. However, sensitive user data, including emails, IPs, and crypto wallet addresses, was found leaking from an unprotected server.

Key takeaways:
  • Huddle01, a video call app, was found leaking user emails, IP addresses, crypto wallet addresses, and other data from an unprotected server.
  • The exposed instance of Kafka Broker was updated in real time with no authentication or encryption. The leak is now closed.
  • Cybercriminals can leverage the data to target the platform’s users in sophisticated social engineering attacks.

The Cybernews research team discovered a publicly accessible and unprotected instance of Kafka Broker, a distributed event-streaming platform, that transmitted real-time logs from a video conferencing platform. No authentication, no encryption, or other access controls were used to protect the data.

ADVERTISEMENT

The instance contained over 621,000 log entries from the last 13 days, belonging to Huddle01, an app developed by Graphene01 Labs.

The app developer claims that no user data is collected or shared with third parties on the app stores.

“Huddle01 Meet makes your video meetings and audio calls more secure and efficient,” the description says.

However, the exposed instance contained the following:

  • Usernames (sometimes real names)
  • Email addresses
  • Crypto wallet addresses (Huddle01 supports a wide array of wallets that operate on different blockchains (Bitcoin, Ethereum, etc.)
  • Detailed activity data: which users joined specific calls, participants in each call, country, time, date, duration of the calls, etc.
  • Other identifiers

All data was transmitted in real time, and any third party could access this data without authentication.

“The app, with over 100,000 claimed users, is relatively popular compared to other Web3 projects, and is actively used by crypto enthusiasts. However, the integration of the blockchain leaves them at greater risk, as it helps to deanonymize crypto wallet owners and map their relationships,” the Cybernews research team said.

“There is a level of irony that a platform advocating for decentralization and privacy puts name tags on crypto wallets, as well as contact details and other metadata.”

ADVERTISEMENT
huddle01-website

“Huddle01: Video Meetings App” has over 50,000 downloads on the Google Play Store and 51 ratings on the iOS App Store, with an average rating of 4.7 stars.

Cybernews responsibly disclosed the data leak to the company. However, it did not respond to the initial disclosure and subsequent attempts. After one month, the exposed server remained accessible. It’s unclear how many other third parties might have accessed the data.

We also reached out to the platform for a comment and will update the story with their response.

The Kafka broker instance remains open at the time of writing.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

“Huddle01 is committed to data transparency, user control, and responsible data stewardship across its decentralized communication infrastructure,” the privacy policy of the platform reads.

Users in danger

When Cybernews researchers checked the exposed server, it contained over 621,000 log entries spanning a timeframe of 13 days, from 2025-08-13 19:21UTC to 2025-08-26 8:54UTC. Many log entries were duplicates because logs were made whenever a user joined or disconnected from the meeting.

Unencrypted logs with personal information contained the domain name of the company, making the attribution easier.

ADVERTISEMENT
huddle01-leak1

Kafka Broker is designed for real-time data streaming and processing, and it doesn’t usually retain all historic data the same way a traditional database would. The number of streamed messages that are held in cache depends on the individual cluster configuration.

“We observed new entries being added in real time. A malicious actor could leave a ‘collector’ listening to the insecure Kafka broker for potentially months to obtain more customer behavioural data and other information,” the Cybernews researchers said.

According to Huddle01’s whitepaper, the platform aims to build a decentralized real‐time communication (RTC/dRTC) network and associated tools.

However, the leak demonstrates that the platform uses centralized infrastructure to store and stream sensitive user information, making it no safer than the alternatives.

“Exposed personally identifiable information, together with crypto wallet addresses, allows for a range of attacks against the platform’s users. Cybercriminals can attempt targeted phishing attacks, build relationship maps, and use them for more sophisticated social engineering attacks,” the researchers explain.

The leaked information helps identify users who hold significant amounts of cryptocurrency and target them, leveraging leaked emails and relationships with other users.

huddle01-leak2

Huddle01 is a platform by Graphene01 Labs, a private company headquartered in Delaware, US. It’s building a decentralized communication network that enables high-quality audio/video meetings between wallet owners across chains.

Secure authentication is paramount

ADVERTISEMENT

Without authentication, encryption, and IP whitelisting features enabled, anyone can connect to the Kafka Broker instances and access the data sent through the broker. Companies that expose such data may face legal, reputational, and financial consequences for failing to secure private customer information.

“Ensure that authentication features are enabled, data is encrypted in transit, and that the Kafka instance is no longer accessible from the open internet,” the Cybernews research team advises.

App users should stay vigilant and expect potential crypto-related scams directed to their email addresses or social media accounts.

Has my data been leaked?
Check Now

“To unlink their wallet addresses from their identities, users should liquidate funds in their currently used crypto wallets, stop using the leaked addresses, and create new ones,” the researchers recommend.

Cybernews has reported on many data leaks originating from exposed Kafka Broker instances due to misconfigurations and other inadvertent operational practices.

The researchers previously discovered unprotected Kafka instances used to store sensitive chats with AI girlfriends apps. Other exposures include Brazilian healthcare giant Unimed, food delivery services in Turkey, parental control app KidSecurity, a trusted Shopify plugin, and many others.

Instance secured

Huddle01 Team from Graphene 01 Labs informed Cybernews that the Kafka broker instance is now secured. The team also reviewed the infrastructure to ensure such exposures do not recur.

“We genuinely appreciate your team for responsibly reporting the issue,” the spokesperson said.

ADVERTISEMENT

Huddle01 also clarified that the initial disclosure email was inadvertently directed to their spam folder, leading to a delay in their response.

Updated on October 29th [07:30 a.m. GMT] with a statement from Huddle01.

  • Leak discovered: August 26th, 2025
  • Initial disclosure: August 27th, 2025
  • CERT informed: September 3rd, 2025

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Nadella scoffs at AI giants as Microsoft may host China’s DeepSeek
Cruel cyber training in Canada: testing if exhausted employees would fall for a 'day off' scam
Cloudflare gives AI agents temporary accounts to deploy websites without human logins
Developers giving attackers a free ride after hundreds of iPhone AI apps found exposing credentials
This tiny European country is pioneering digital ID for AI agents
Canadian lender TD tells some employees it will use software to monitor their work
ADVERTISEMENT