sb-as logo
Story image

Houseparty denies security breach as users accuse app of hacking accounts

The new reality of social isolation has well and truly set in for millions around the world living in lockdown in the wake of the COVID-19 pandemic.

As social beings with an internet connection, some have gravitated towards an app called Houseparty, a face-to-face video hosting service like FaceTime, but with the added bonus of built-in interactive games.

The app, originally launched in 2016, is fast becoming a staple among the socially-deprived, and with all the new attention and publicity, it seemingly has nowhere to go but up – according to Apptopia data cited by VentureBeat, Houseparty’s downloads surged by 2,000% from mid-February to mid-March.

Except now it is facing accusations from users that some of their other accounts, like Netflix and Spotify, have been hacked as a result of having used Houseparty.

Some users also claimed their PayPal account was affected by Houseparty. However, a spokesperson from PayPal noted that 'no PayPal accounts globally were compromised as a result of the Houseparty app'. 

Users tweeted screenshots of what they say are compromised accounts from other services, blaming Houseparty.

In a response, Houseparty has said that it has seen no evidence of a breach and told Business Insider that users should refrain from using the same passwords and usernames across different accounts.

“As a general rule, we suggest all users choose strong passwords when creating online accounts on any platform,” says a Houseparty spokeswoman. 

“Use a unique password for each account, and use a password generator or password manager to keep track of passwords, rather than using passwords that are short and simple.”

Sophos senior security advisor John Shier agrees, saying the explanation for the compromised user accounts is a lack of security hygiene, rather than privacy violations committed by Houseparty, of which there is no evidence.

"The news that Houseparty has been hacked is causing a bit of a stir on social media at the moment,” says Shier.

“The puzzling thing is that there's no evidence to suggest that Houseparty has been hacked and credentials stolen. 

“One likely scenario is that the Houseparty app is the last app many users may have installed and registered using the same credentials as other apps, such as Netflix, Spotify and countless others,” says Shier.

“Criminals are constantly using old, compromised credentials to access online services in credential stuffing attacks. 

“Correlating these two events seems to be what's causing all the fuss. If you are worried about these types of cyberattacks, our advice is to always turn on multifactor authentication (when available) and use a password manager to create and store long, complex and unique passwords for each service you sign up for."

Story image
Forescout and ServiceNow advance tech partnership to protect critical infrastructure
Forescout and ServiceNow have announced they are advancing their partnership for enhanced operational technology (OT) and industrial IoT capabilities, with an aim of helping organisations to protect critical infrastructure from cyber threats.More
Story image
Interview: Acronis co-founder on going all-in for DLP
Data-loss prevention (DLP) strategies are a cornerstone of wider cybersecurity ecosystems, especially to counter the risks of remote working. Acronis co-founder Stas Protassov explains its significance and why it acquired a DLP powerhouse.More
Link image
The wide world of data: Clear, actionable insights in one hub
Whether you’re interested in modern data warehouses or data ingestion and collection, this is your one-stop hub for creating strategies that deliver data insights that you can take action on.More
Story image
Tanium and Google Cloud bring greater security to distributed IT
“This joint solution with Chronicle gives Tanium customers access to massively scalable analytics and investigation capabilities far beyond that of other endpoint detection and response point tools."More
Story image
Beware of these six L7 DDoS attacks
As more services are migrating online, DDoS attacks are increasingly shifting away from the network layer, and into the application layer, writes Radware product marketing manager Eyal Arazi.More
Story image
Video: 10 Minute IT JamsAttivo Networks on threat detection using deception
Attivo Networks is a US-based technology vendor in the cybersecurity space. The company focuses on threat detection and deception.More