Houseparty is offering a $1 million (£811,000) bounty to anyone that can prove it has been the target of a ‘smear campaign’ amid rumours the popular app for people in quarantine has been hacked.
On Monday, the video messaging app’s makers denied claims circulating on social media that it has led to accounts on other services being compromised.
Houseparty has now said it is looking into suggestions that the hacking rumours had been created as part of a ‘paid commercial smear campaign’.
The group video calling service has risen to prominence during the coronavirus pandemic as it allows people to stay in touch during isolation.
Houseparty is looking into suggestions that hacking rumours have been created as part of a `paid commercial smear campaign´
The app has been particularly useful in locked-down countries such as the UK to catch up with friends and family while apart.
However, numerous posts appeared on social networks from users alleging that the app has resulted in their other online accounts being hacked.
Users reported people accessing their Netflix, eBay, Instagram and Spotify logins from a range of countries including Russia.
One person wrote: ‘Everyone delete your Houseparty account as they have hacked my Spotify and Netflix from Poland and the US.’
‘We are investigating indications that the recent hacking rumours were spread by a paid commercial smear campaign to harm Houseparty,’ the app said in a tweet.
‘We are offering a $1,000,000 bounty for the first individual to provide proof of such a campaign to [email protected].
‘We have spent the past few weeks feeling humbled and grateful that we can be such a large part of bringing people together during such a hard time.’
Houseparty is owned by Epic Games, the company behind popular battle royale game Fortnite – it allows people to create open chat rooms.
As well as concerns over people gaining access to other services after downloading houseparty, some say the app itself has problems.
People on Twitter shared horror stories about uninvited guests logging into their video chats including one while they were in the bath.
Privacy campaigners warned users to take precautions to protect against intruders.
Houseparty allows people to create open chat rooms where they can drop in on their phone book, Snapchat or Facebook contacts’ calls, unless the group is ‘locked’ by one of the participants.
Edan Simpson wrote on Twitter: ‘Today, whilst having a beer in the bath, I was on Houseparty with a friend and her boss literally entered our chat as I was naked and drunk to say ‘HI THERE’ then leave and I’m still computing it.’
Other users said they had received notifications from their exes inviting them to connect and others complained about ‘uninvited random’ people in chats.
Rosie Collins dropped into her friend Erin’s chat with her mother and shared the resulting screenshot
Houseparty took to Twitter to say they were actively investigating rumours of a commercial smear campaign and offering a bounty for proof of the smear
On Monday, the app said it had found ‘no evidence’ of a breach and confirmed to users that it does not collect passwords for other sites – such as Facebook and Snapchat – which can be connected to Houseparty to help users find contacts.
The app encouraged users to use a unique password for each account and to use a password manager to keep track of login details, ‘rather than using passwords that are short and simple’.
Privacy specialists Farrer & Co, the firm used by the Queen, said hackers and criminals can exploit flaws in Houseparty’s systems to access highly sensitive data.
Associate Thomas Rudkin said people should consider using safer encrypted platforms such as Facetime and WhatsApp – though all have risks.
Houseparty users today claimed their accounts had been used to hack into Spotify profiles
The app allows anyone to join a chatroom without permission if they are friends with one of the people in the group.
Campaigning charity Internet Matters warned this could threaten youngsters by allowing other users to enter their private chats.
It urged parents to make their children aware of the importance of ‘locking’ their chats to stay safe.
Cybersecurity and privacy researcher Lukas Stefanko told Forbes: ‘I analysed the app’s permissions usage and since the app provides video chats with your friends it is logical that requested permissions are necessary.
‘I haven’t found any shady misusing of them by the app.
‘The app doesn’t provide a lot of in-app options and settings, which creates less scenarios for exploiting security issues.’
Houseparty said: ‘We’ve found no evidence to suggest a link between Houseparty and the compromises of other unrelated accounts.
‘As a general rule, we suggest all users choose strong passwords when creating online accounts on any platform.
‘Use a unique password for each account, and use a password generator or password manager to keep track of passwords, rather than using passwords that are short and simple.’
WHICH SMART HOUSEHOLD GADGETS ARE VULNERABLE TO CYBER ATTACKS?
From devices that order our groceries to smart toys that speak to our children, high-tech home gadgets are no longer the stuff of science fiction.
But even as they transform our lives, they put families at risk from criminal hackers taking advantage of security flaws to gain virtual access to homes.
A June 2017 Which? study tested whether popular smart gadgets and appliances, including wireless cameras, a smart padlock and a children’s Bluetooth toy, could stand up to a possible hack.
The survey of 15 devices found that eight were vulnerable to hacking via the internet, Wi-Fi or Bluetooth connections.
Scary: Which? said ethical hackers broke into the CloudPets toy and made it play its own voice messages. They said any stranger could use the method to speak to children from outside
The test found that the Fredi Megapix home CCTV camera system operated over the internet using a default administrator account without a password, and Which? found thousands of similar cameras available for anyone to watch the live feed over the internet.
The watchdog said that a hacker could even pan and tilt the cameras to monitor activity in the house.
SureCloud hacked the CloudPets stuffed toy, which allows family and friends to send messages to a child via Bluetooth and made it play its own voice messages.
Which? said it contacted the manufacturers of eight affected products to alert them to flaws as part of the investigation, with the majority updating their software and security.