SecurityBrief Asia

Houseparty denies security breach as users accuse app of hacking accounts

The new reality of social isolation has well and truly set in for millions around the world living in lockdown in the wake of the COVID-19 pandemic.

As social beings with an internet connection, some have gravitated towards an app called Houseparty, a face-to-face video hosting service like FaceTime, but with the added bonus of built-in interactive games.

The app, originally launched in 2016, is fast becoming a staple among the socially-deprived, and with all the new attention and publicity, it seemingly has nowhere to go but up – according to Apptopia data cited by VentureBeat, Houseparty’s downloads surged by 2,000% from mid-February to mid-March.

Except now it is facing accusations from users that some of their other accounts, like Netflix and Spotify, have been hacked as a result of having used Houseparty.

Some users also claimed their PayPal account was affected by Houseparty. However, a spokesperson from PayPal noted that 'no PayPal accounts globally were compromised as a result of the Houseparty app'. 

Users tweeted screenshots of what they say are compromised accounts from other services, blaming Houseparty.

In response, Houseparty said it has seen no evidence of a breach and told Business Insider that users should refrain from using the same passwords and usernames across different accounts.

“As a general rule, we suggest all users choose strong passwords when creating online accounts on any platform,” says a Houseparty spokeswoman. 

“Use a unique password for each account, and use a password generator or password manager to keep track of passwords, rather than using passwords that are short and simple.”

Sophos senior security advisor John Shier agrees, saying the explanation for the compromised user accounts is a lack of security hygiene, rather than privacy violations committed by Houseparty, of which there is no evidence.

“The news that Houseparty has been hacked is causing a bit of a stir on social media at the moment,” says Shier.

“The puzzling thing is that there's no evidence to suggest that Houseparty has been hacked and credentials stolen. 

“One likely scenario is that the Houseparty app is the last app many users may have installed and registered using the same credentials as other apps, such as Netflix, Spotify and countless others,” says Shier.

“Criminals are constantly using old, compromised credentials to access online services in credential stuffing attacks. 

“Correlating these two events seems to be what's causing all the fuss. If you are worried about these types of cyberattacks, our advice is to always turn on multifactor authentication (when available) and use a password manager to create and store long, complex and unique passwords for each service you sign up for.”
