The team behind the app Houseparty, which has become a lockdown phenomenon, has announced a $1 million bounty for proof that recent rumours relating to a hack of their app or of their data were spread as part of a paid commercial smear campaign to harm Houseparty.
This bounty has been offered in response to an overwhelming number of reports from individuals using the app that either they or their friends have had attempted hacks on their social media accounts, their Paypal accounts or even their bank accounts, which is being blamed on their installation of the Houseparty app to their phone. Reports are coming in their thousands that people have both the Houseparty app and have had attempts made to access their accounts and that the two things must be linked, however, there is no clear evidence to suggest this.
Unsubstantiated reports appear to have begun at 21:59 on 24th March, with a user called Adam stating: "So @houseparty isn’t secure, friend just had their Facebook account hacked after using it". However, this tweet doesn't pick up much traction, with only one like and no shares.
Further reports don't appear to begin until the 29th March, when at 11:12 a user called Chloe stated: "PSA everyone delete ur houseparty account as they have hacked my Spotify and Netflix from POLAND and the US". Chloe was retweeted 55 times and reached 129 likes. This appears to be the start of the viral speculation that Housepart was hacked.
At 16:32 on 29th March a user called Jade adds fuel to the fire, stating: "Would advise everybody to delete Houseparty. Seen a few people being hacked and then it’s happened to me this morning, spooky stuff". This tweet saw 8 retweets and 26 likes.
In response to this immense speculation of a hack and the offer of a $1 million bounty, these individuals are now being contacted by individuals seeking the origin of their claims, by journalists and cash seekers alike.
None of these individuals appears to have any proof that the hacks are linked to Houseparty. Epic Games state that "All Houseparty accounts are safe - the service is secure, has never been compromised, and doesn’t collect passwords for other sites.". At this time, there is no evidence to the contrary. However, this does not mean that a breach has not indeed occurred. Anyone who has not already deleted the app may be wise to err on the side of caution when deciding whether to download it. However, advice circulating to delete the app and any accounts to protect yourself will not help in the case of a potential breach of Houseparty that has already occurred.
Regardless of whether there has been a hack of Houseparty or not, users are seeing attempts on a number of accounts because they likely all have the same security problem; they probably all reuse their passwords. Anyone concerned about the security of their accounts, whether they have the Houseparty app or not should follow the below advice:
Check your email address on Have I Been Pwned to identify whether your credentials have previously been breached. If your email address results in a breach then you should change your password on all accounts using that password.
Install the Chrome Addon “Password Checkup”. When entering log-in credentials, this addon will check the entered data against breach data to identify if those exact credentials have previously been breached. This will save you from having to keep checking Have I Been Pwned.
Use a password manager like LastPass to generate unique passwords for each account that you have.
You should never use the same password for more than one account. That way, if an account is breached, the hacker can only access one of your accounts.
Don’t recycle passwords by adding a new number to a previous version.