Users of the social media app claim it was breached, causing various other accounts to be compromised. Investigations still pending.
By now many readers should have experienced working from home at least once during the Covid-19 pandemic. For those who have been doing that more often, word about the Houseparty app has been going around.
Houseparty is a face-to-face social networking app that allows you to go online and hang out. Other members can join you in your “room” and engage in a face-to-face chat, or as close to face-to-face as you can get in a virtual world.
Two days ago, however, users of the app began claiming that their other accounts had subsequently been hacked, saying their PayPal, Netflix, and Spotify accounts had been compromised. Houseparty, on the other hand, says it has seen no evidence of a breach, and has advised people not to reuse the same usernames and passwords across different accounts.
John Shier, senior security advisor at Sophos, commented: “The news that Houseparty has been hacked is causing a bit of a stir on social media at the moment. The puzzling thing is that there’s no evidence to suggest that Houseparty has been hacked and credentials stolen. One likely scenario is that the Houseparty app is the last app many users may have installed and registered using the same credentials as other apps, such as Netflix, Spotify and countless others.”
Shier was alluding to the fact that criminals constantly use old, compromised credentials to access online services in credential stuffing attacks. Users correlating the two events (registering for Houseparty and having other accounts compromised) may be what is causing all the fuss. “If you are worried about these types of cyberattacks, our advice is to always turn on multifactor authentication (when available) and use a password manager to create and store long, complex and unique passwords for each service you sign up for,” Shier added.
On a side note, there has been advice to revisit Houseparty settings and decide how open you want to be. Do you want your rooms to be “locked” so you meet new people by invitation only? If not, or if you are scared of the app because trolls have been wandering into your online life, consider dialing back your openness rather than deleting the app while leaving your (user) behavior unchanged.
While you are at it, consider going through the same exercise for all your social media accounts.