Houseparty is the app that lets you play virtual games during a video conference with friends and family.
It’s become a massive hit since the coronavirus lockdown was put in place but it’s also been targeted by what it calls a ‘smear campaign’.
On Monday, the video messaging app’s makers denied claims circulating on social media that it has led to other online accounts – like Netflix or eBay – being compromised.
They then went on to offer a one million dollar bounty (£811,000) to anyone who can provide the service with proof that it was a ‘paid commercial smear campaign.’
Epic Games, the company that owns Houseparty, is also responsible for the mega hit Fortnite. It said that it had found ‘no evidence’ of a breach in its security and claims that it doesn’t collect any passwords for other sites.
As expected, cybersecurity professionals have descended on Houseparty and the general consensus is that it’s highly unlikely the app is stealing other account passwords.
‘There are two separate issues being discussed around Houseparty: First, it appears that many users are not aware of the privacy implications of how the app works and how people can “drop-in” when they don’t want or expect them to. This can obviously lead to awkward situations’ explained Christoph Hebeisen, director of security intelligence research at cybersecurity specialist company Lookout.
‘The second issue is the assertion that third-party accounts are being “hacked” through the House Party app.
‘These claims cover a wide variety of third-party services such as music and video streaming services as well as financial services. While there are numerous reports from users online we did not find any evidence to indicate that the HouseParty app as available from official App stores is to blame for compromises they are experiencing.’
The app encouraged users to use a unique password for each account and to use a password manager to keep track of login details, ‘rather than using passwords that are short and simple’.
This message was echoed by Javvad Malik, a security awareness advocate at KnowBe4.
‘There are a lot of comments on social media about accounts getting taken over with the finger of blame being pointed at Houseparty,’ he said.
‘There is no evidence to prove these claims, and neither is it clear how these accounts are being breached. It could be that bad actors have gained access to the passwords of Houseparty users and using those passwords against other websites.’
For its part, Epic Games maintains that users opt for a unique password for each account and to use a password manager to keep track of login details, ‘rather than using passwords that are short and simple’.
Source: Read Full Article