Is Houseparty safe? Created Ruckus in the Social Media
Social media service denies its service has been hacked, and is offering a million-dollar bounty to anybody who can prove otherwise, it is a video chat and social media network that has shot to prominence during the Covid-19 coronavirus lockdown, has been forced to deny it has been the victim of a hack, and is offering a $1m (£800,000/€900,000) bug bounty to anyone who can prove otherwise.
The service, which is owned by Epic Games, the US studio behind the Fortnite franchise, has become the subject of a deluge of rumours that its service has been compromised by cyber criminals. Many users of the service have reported that their Netflix, PayPal and Spotify accounts have been compromised.
The Houseparty app has soared to immense popularity, with the millions around the world self-isolate during the coronavirus pandemic. The Houseparty app lets you hang out with pals in a virtual environment .
A Houseparty spokesperson said: “All Houseparty accounts are safe – the service is secure, has never been compromised, and doesn’t collect passwords for other sites. The Houseparty spokesperson said: “All Houseparty accounts are safe – the service is secure, has never been compromised, and doesn’t collect passwords for other sites.
The app has seen pranksters hopping into calls to cause havoc – but there are ways to get around this and the app does also ask for a large amount of information, which may worry the privacy-conscious.
However, with the right settings, you can have a great time on Houseparty. Even tech titans like Facebook can suffer hacks or leaks, so always be vigilant with your information online.
Houseparty is owned and operated by Epic Games, the major US firm behind hit games Fortnite and Gears of War and the users flooded to Twitter reporting other accounts – like Spotify or PayPal – had been hijacked after downloading Houseparty.
"We’ve found no evidence to suggest a link between Houseparty and the compromises of other unrelated accounts," an Epic Games spokesperson said.
John Shier, senior security adviser at Sophos, suggested that Houseparty users may actually be falling victim to credential stuffing attacks, which are a function of poor password hygiene, and not a failing of a service provider.
“The news that Houseparty has been hacked is causing a bit of a stir on social media at the moment,” said Shier. “One likely scenario is that the Houseparty app is the last app many users may have installed and registered using the same credentials as other apps, such as Netflix, Spotify and countless others.
“Criminals are constantly using old, compromised credentials to access online services in credential stuffing attacks. Correlating these two events seems to be what’s causing all the fuss.”
Shier added: “If you are worried about these types of cyber attacks, our advice is to always turn on multifactor authentication (when available) and use a password manager to create and store long, complex and unique passwords for each service you sign up for.”
In the light of a growing and vocal movement urging users to uninstall and boycott the service, Sophos said it was unwise for users to accuse Houseparty or Epic Games of malfeasance without strong evidence.
“The fact that lots of people repeated the same condemnatory text on Twitter proves nothing,” said Paul Ducklin, one of the firm’s Naked Security analysts. “If you aren’t part of the solution, then you are part of the problem.”
"As a general rule, we suggest all users choose strong passwords when creating online accounts on any platform."Use a unique password for each account, and use a password generator or password manager to keep track of passwords, rather than using passwords that are short and simple."
Houseparty claims it hasn't been hacked, but has been targeted by a smear campaign.The second statement read: "Our investigation found that many of the original tweets spreading this claim have been deleted and we've noticed Twitter accounts suspended.
Houseparty said that it was "investigating indications that the recent hacking rumors were spread by a paid commercial smear campaign and we are offering a $1,000,000 bounty for the first individual to provide proof of such a campaign.The release says.