Houseparty has been, without a doubt, one of the protagonists of the quarantine. Being a big unknown, this application of video calls from Epic Games, games for macOS, iOS and Android managed to occupy the first positions in the list of most downloaded apps of the App Store and the Google Play Store. In the first, is still third-after his rival zoom, and Disney+.
However, in the day of yesterday, the image of Houseparty began to go wrong, when many users in social networks began to to report your accounts to services such as Spotify, Snapchat or Uber had been hacked through a hack to HouseParty.
Houseparty denies the hacking, and assert that all its safe
After the barrage of messages claiming that the hack was related to HouseParty, from the official twitter service launched a fresh and reassuring message: “All the accounts of the Houseparty are safe: the service is safe, never has been committed and does not collect passwords for other sites”.
All Houseparty accounts are safe – the service is secure, you have never been compromised, and doesn’t collect passwords for other sites.
— Houseparty (@houseparty) March 30, 2020
Today from the company Epic Games have gone beyond, and have come to affirm that they are investigating, “hints that the recent rumours of hacking were disseminated by a commercial campaign of slander paid for damage to Houseparty.” As a response, claiming to offer “a reward of $ 1,000,000 to the first person who submits evidence of such a campaign.”
We are investigating indications that the recent hacking rumors were spread by the paid commercial smear campaign to harm Houseparty. We are offering a $1,000,000 bounty for the first individual to provide proof of such a campaign to firstname.lastname@example.org.
— Houseparty (@houseparty) March 31, 2020
Remember that with the entry into force of the General Regulation of Data Protection (GDPR), there is a legal obligation to notify of data breaches in a period of up to 72 hours since these have been detected. Otherwise, companies will face heavy fines.
What may be behind the complaints
In social networks, they are sharing many catches of notices of Spotify or Uber accesses foreign accounts. These are the emails that we receive when living in Spain, suddenly we connect in Moscow. The application detects an access to strange and notify us so that we are abreast of, if not us
These hacks can exist is a fact, because every day are many of these accesses are malicious accounts. That such hacks have to do with HouseParty is what no one has demonstrated on social networks. Users are not related to computer security have been launched to accuse HouseParty without that there is no professional report, or with evidence that points in that direction.
That is to say, we can give credibility to that many users are receiving emails from Spotify with notices access malicious accounts, but we can not say that these accesses have to do with a hacking of HouseParty. May be HouseParty, yes, but it could also be a hack of any of the other great apps that almost everyone has installed on your smartphone. With the data that we have, for the moment, we can’t know.
There may be a case of reuse of old passwords present in databases hacking. That is to say, accounts of Uber, Snapchat or Apple (it has also been mentioned in some cases) have used the same passwords, and now a group of hackers has decided to attack them. But, again, there is no evidence that access to the passwords of the HouseParty has a relationship with the other cases.
What we can say, as always, is that you use two-factor authentication, that you do not use the same passwords on multiple services, and that you did, change them as soon as possible. Let us remember that just a year ago, were discovered seven collections with 3,500 millions of leaked credentials. To check if your email address has been compromised, we recommend the use of Have I Been Pwned?
it was originally published in