Site icon Panda Security Mediacenter

The Houseparty Hack – Fact or Fiction?

Since the global COVID-19 lockdown started, teens have been flocking to the Houseparty app. Houseparty allows users to create video call sessions so that multiple people can chat at once. At a time when social gatherings are banned, the ability to play games or simply hang out together has been invaluable.

Why are people demanding we DELETE HOUSEPARTY?

Over the weekend several social media users began to report they had been hacked. Some said their Spotify accounts had been broken into while others claimed their Paypal accounts had been emptied of cash.

Pretty soon people took to Twitter advising other users to “DELETE HOUSEPARTY”. And like all social media trends, the advice spread very quickly. In the panic that followed, thousands of people deactivated or deleted their Houseparty accounts.

No reported hacks

Epic, the company behind the Houseparty app was quick to respond as soon as the rumours began to spread. They deny that any hack has taken place and that the Houseparty app is not linked in any way to the problems experienced by these users.

And today Epic went even further claiming, “We are investigating indications that the recent hacking rumors were spread by a paid commercial smear campaign to harm Houseparty.” They went on to say, “We are offering a $1,000,000 bounty for the first individual to provide proof of such a campaign to bounty@houseparty.com.”

So, what is going on? There are three plausible scenarios.

  1. Houseparty has been hacked

It is possible – but unlikely – that the Houseparty app has been hacked. With plenty of valuable personal data stored on Epic’s systems, the app would be an attractive target for hackers. But the $1m bounty offered by Epic would be small change against the potential GDPR fines for failing to report a personal data breach to the authorities.

  1. There really is a smear campaign underway

In the same way that nation states have begun developing cyberwarfare capacities to attack other countries, some businesses are using similar techniques against their competitors. Electronics giant Samsung was handed a $340,000 fine after paying students to ‘smear’ devices manufactured by their rival HTC for instance.

Epic’s claim that the ‘DELETE HOUSEPARTY’ movement is a smear campaign could be true.

  1. This is an unfortunate coincidence

The last – and most likely scenario – is that the reported ‘hackings’ are just a very unlucky coincidence. After having their accounts hacked they associated the event with the most recent app they installed – Houseparty.

The two events are probably completely unrelated however. More likely is that they have fallen victim to the trap of reusing passwords; cybercriminals have obtained their login by hacking another site – like the Canva breach last year. The hackers then simply test the stolen logins against other sites like Paypal – and sometimes they get lucky.

Don’t panic – but do take action

Until there is any evidence that the Houseparty app is at fault, you probably don’t need to delete it. You should however take this opportunity to review your password security – are you reusing login details between different services?

If so, it’s time to stop. Check out our extensive guide How To Protect Your Password for some useful tips.

Exit mobile version