sb-au logo
Story image

Houseparty denies security breach as users accuse app of hacking accounts

The new reality of social isolation has well and truly set in for millions around the world living in lockdown in the wake of the COVID-19 pandemic.

As social beings with an internet connection, some have gravitated towards an app called Houseparty, a face-to-face video hosting service like FaceTime, but with the added bonus of built-in interactive games.

The app, originally launched in 2016, is fast becoming a staple among the socially-deprived, and with all the new attention and publicity, it seemingly has nowhere to go but up – according to Apptopia data cited by VentureBeat, Houseparty’s downloads surged by 2,000% from mid-February to mid-March.

Except now it is facing accusations from users that some of their other accounts, like Netflix and Spotify, have been hacked as a result of having used Houseparty.

Some users also claimed their PayPal account was affected by Houseparty. However, a spokesperson from PayPal noted that 'no PayPal accounts globally were compromised as a result of the Houseparty app'. 

Users tweeted screenshots of what they say are compromised accounts from other services, blaming Houseparty.

In a response, Houseparty has said that it has seen no evidence of a breach and told Business Insider that users should refrain from using the same passwords and usernames across different accounts.

“As a general rule, we suggest all users choose strong passwords when creating online accounts on any platform,” says a Houseparty spokeswoman. 

“Use a unique password for each account, and use a password generator or password manager to keep track of passwords, rather than using passwords that are short and simple.”

Sophos senior security advisor John Shier agrees, saying the explanation for the compromised user accounts is a lack of security hygiene, rather than privacy violations committed by Houseparty, of which there is no evidence.

"The news that Houseparty has been hacked is causing a bit of a stir on social media at the moment,” says Shier.

“The puzzling thing is that there's no evidence to suggest that Houseparty has been hacked and credentials stolen. 

“One likely scenario is that the Houseparty app is the last app many users may have installed and registered using the same credentials as other apps, such as Netflix, Spotify and countless others,” says Shier.

“Criminals are constantly using old, compromised credentials to access online services in credential stuffing attacks. 

“Correlating these two events seems to be what's causing all the fuss. If you are worried about these types of cyberattacks, our advice is to always turn on multifactor authentication (when available) and use a password manager to create and store long, complex and unique passwords for each service you sign up for."

Story image
Three security essentials for financial services
Financial services organisations must provide the best possible customer experience in terms of mobile and online application availability, performance and security, writes Gigamon country manager for A/NZ George Tsoukas.More
Story image
Countering the evolving threat of ransomware
Cyber-criminals will continue to change their methods to maximise the chance of success, writes Zscaler regional vice president and A/NZ country manager Steve Singer.More
Story image
Cyber-pandemic: The most notable cyber attacks of 2020
2020 and the COVID-19 pandemic saw employees move to remote working, keeping IT professionals on high alert for cyberattacks. More
Story image
Ingram Micro advances dedicated security practice with new hire
Lazarus has strong advice for all resellers. He says, “If you’re not talking security as part of every customer engagement, you're not having the right conversation.”More
Story image
Creating a strong culture of security within organisations
CISOs worldwide are inherently aware of how significant investment in cybersecurity strategies and technologies can bolster an organisation’s protection against cyberattacks. However, many overlook the importance of culture when it comes to cybersecurity.More
Story image
Stone & Chalk and AustCyber confirm strategic merger
"The integration of Stone & Chalk and AustCyber will enable our joint organisation to pursue a resilient and prosperous future not just for founders, enterprise and governments, but for all of Australia.”More