Can Houseparty be hacked? Should you delete Houseparty from your phone? Well, these are some of the questions that Houseparty users are grappling with right now due to various rumours and reports highlighting vulnerability in the video chat app. Houseparty has attracted the eyeballs of thousands of users globally thanks to the coronavirus outbreak and lockdowns imposed in various markets. The makers of the app, however, have claimed the recent vulnerability reports as a “paid smear campaign.” The Houseparty team is also offering $1 million (roughly Rs. 7.55 crores) bounty for finding the source of the propaganda.
The official Twitter account of the Houseparty app on Tuesday announced the $1 million bounty for producing the proof of the smear campaign. In a separate tweet posted on Monday evening, the team also asserted that all Houseparty accounts were safe and the service was secure.
“We have spent the past few weeks feeling humbled and grateful that we can be such a large part of bringing people together during such a hard time,” the team noted alongside announcing the bounty.
The Houseparty app became an overnight sensation due to the coronavirus-focussed lockdowns imposed in various countries and social distancing has emerged as the only solution so far to resist the deadly virus attack. Recent reports by app analytics companies such as Apptopia and Sensor Tower highlighted its growth.
However, Houseparty has not remained unscathed as it grows popular with each day. Many of its users have reported vulnerabilities that not just impact the user data stored on the app but also put other apps at risk. Several people on Twitter claimed that some of the other apps available on their phones were locked out after downloading Houseparty. Screenshots provided by the users showed Netflix and Spotify amongst the affected apps.
*Attention* delete house party app. Ever since downloading it I’ve had someone try to hack my Instagram account … could be coincidence or could be some sicko using this dark time for their advantage! #besafe pic.twitter.com/H69IUpUYyH
— Corbin Mackin (@CorbinMackin) March 31, 2020
Soon after the rumours of getting hacked surfaced by purported Houseparty users, a number of people started deleting the app from their phones.
Had to delete houseparty too many people getting hacked on all socials, be careful!! x
— Melisa x (@melisaacrri) March 31, 2020
Had to delete the houseparty app.
It was fun while it lasted 😅
— rujena™ (@RujenaDarlinx) March 31, 2020
But in reality, the Houseparty app has no direct relation with third-party apps — neither Netflix nor Spotify. The app does ask users to provide access to their contacts and connections on Facebook and Snapchat.
Experts say there is no concrete evidence to suggest that the Houseparty app has been hacked or credentials on its platform have been stolen.
“One likely scenario is that the Houseparty app is the last app many users may have installed and registered using the same credentials as other apps, such as Netflix, Spotify and countless others,” said John Shier, Senior Security Advisor, Sophos. “Criminals are constantly using old, compromised credentials to access online services in credential stuffing attacks. Correlating these two events seems to be what’s causing all the fuss.”
Shier recommended users to turn on multi-factor authentication and use a password manager to create complex and unique passwords for each service you log in to. He also mentioned that deleting Houseparty couldn’t be the solution as removing an app doesn’t guarantee the recovery of any data loss.
Having said that, Paul Duklin, Principal Research Scientist, Spohos, emphasised that users should change the settings of the app to reduce data sharing with its makers.
“Do you want your rooms to be ‘locked’ so you meet new people by invitation only? If not, or if you are scared of the app because trolls have been wandering into your online life, consider dialling back your openness rather than deleting the app but not changing your behaviour,” Duklin said.