My phone beeped quite a few times yesterday. Text messages with people asking me if Houseparty, the popular isolation communication app, has been hacked. My response was simple. Maybe. The app was fairly rushed to market and there may have been some corners cut. My advice was to uninstall it and I’d look into it. Little did I know that the furore online far surpassed the somewhat calm text messages I was getting. This thing should be a documentary that beats the madness of Tiger King.
Age Of Misinformation
I don’t know why this happens. Maybe it’s the Illuminati or something like that. But every time something winds up as part of a trend it seems to follow a consistent pattern. It goes something like:
- Early adopters try it out
- Burst in popularity (virality)
- Widespread adoption
- Sudden distrust
- Meh usage
Now, there’s not a whole lot of science in my findings. Some might say they’re a touch on the side of anecdotal. However, Houseparty certain fits this path. First of all, let’s look at the accusations.
Houseparty Users Claim They’ve Been Hacked
Users are finding a correlation between their downloading of the Houseparty app and the consequent hacking of their Spotify accounts.
Downloaded Houseparty n someone’s hacked my Spotify from Russia!! Delete ur account & then the app. (Would also like to ask that the hacker not reveal my Disney music obsession thank u x) pic.twitter.com/Y6MhUCq66B
— Holli Anderson (@holli__a) March 30, 2020
This user is not alone with many others claiming they’ve had logins from Russia appearing on the account. The Houseparty creators deny that any data has been compromised.
All Houseparty accounts are safe – the service is secure, has never been compromised, and doesn’t collect passwords for other sites.
— Houseparty (@houseparty) March 30, 2020
Now, I don’t have the technical know-how to tell you if this app has been hacked or not, but my gut reaction would be to say it’s unlikely. Here’s my logic.
Who Is Behind Houseparty?
My initial thoughts on Houseparty were that it was developed by some developer in their bedroom. While it’s not obvious from the Houseparty website, this app is actually owned by Epic Games. Epic Games are no hacks (pun not really intended).
Founded in 1991, Epic Games is today perhaps best known as being the creator of Fortnite and Gears of War. I do know that this isn’t a free pass out of “we fucked up ville”, but it’s important we know who’s being accused of creating an app which is being hacked, leading to users’ Spotify being taken over. It’s not just a wee company somewhere. It’s one of the biggest gaming and development companies in the world.
What Have The Houseparty App Creators Said?
The app creators have absolutely come out swinging. They believe this is all part of a smear campaign to encourage people to delete the app and the stop installing it. This makes sense to me. Not only did people report of “hacks as a result of having Houseparty installed” but they also reported difficulty uninstalling the app. This second point could be a clear indicator that a potential smear campaign is targeting the reduction in new users to the platform.
When I say they came out swinging, I mean they really came out swinging. On Twitter the app creators confirmed they are offering a $1 million reward for anyone bringing them proof of a smear campaign.
We are investigating indications that the recent hacking rumors were spread by a paid commercial smear campaign to harm Houseparty. We are offering a $1,000,000 bounty for the first individual to provide proof of such a campaign to [email protected]
— Houseparty (@houseparty) March 31, 2020
What The Experts Say About The Houseparty Hack
Sophos is a British security software and hardware company specialising in products for communication, encryption and network security. John Shier, the senior security advisor at Sophos, believes the “hack” is “puzzling” because “there’s no evidence to suggest that Houseparty has been hacked and credentials stolen”.
The Houseparty app has naturally seen a massive increase because people are stuck at home. I don’t have official numbers but I can estimate a gazillion people have downloaded the app to beat isolation blues. Shier believes this has compounded the fear of a hack has spread so quickly stating “one likely scenario is that the Houseparty app is the last app many users may have installed and registered using the same credentials as other apps, such as Netflix, Spotify and countless others. Criminals are constantly using old, compromised credentials to access online services in credential stuffing attacks. Correlating these two events seems to be what’s causing all the fuss”.
A Naked Security article, Houseparty – is it really trying to hack into your digital life? also offers some additional advice. You should “visit the Houseparty settings and decide how open you want to be. Do you want your rooms to be “locked” so you meet new people by invitation only? If not, or if you are scared of the app because trolls have been wandering into your online life, consider dialling back your openness rather than deleting the app, but not changing your (user) behaviour. Go through the same exercise for all your social media accounts.”
What Do I Think?
There’s been a lot of this craic lately. My initial reaction would be the fact you found this article means you could be doing more to protect your online privacy. How many websites have you reused the same password over and over again for? A while back, I adopted password managers because through no fault of my own my data had been leaked in a few breaches.
How much news like this real or fake hack impacts you is really down to you. Own your own online security because no one cares about your privacy more than you.
Use a password manager. Previously I used Lastpass and I’m not using 1Password. Both are brilliant and can generate strong passwords for every website and app you use. You don’t need to remember them, the app does it all for you.
For me, I think this is likely a smear campaign. I was on the fence until I read that news was also spreading about the app is difficult to delete. This sounded like it was a step too far in terms of realism and definitely ticked the box of reducing new users.
Who’s Behind The Houseparty Smear Campaign?
I’ve seen a lot of shady stuff on Twitter these days. Take Simon Harris’s Twitter posts. There are compliments and criticisms coming from obvious bot accounts. Do I think Harris is behind this? No. It’s likely someone else trying to make it look like Harris has deployed bots to his comment section. Yup. I’ve gone full tinfoil hat on this one.
For Houseparty, it could be any number of companies involved in the video streaming space. Or, perhaps, it’s another competitor trying to make a company look like they would engage in nefarious activity. It’s a mess and the big loser here is the public who are having their trust in technology rattled. At least, to me, that’s what it looks like.
Agree or disagree? Drop a comment below and let me know.