Houseparty App Users Claim That Their PayPal, Netflix, Spotify, and Other Accounts Were Hacked
A hundred, fifty, or even twenty years ago, when people got quarantined and isolated, they had fewer options to entertain themselves. Someone in 1920 might have spent their time playing an instrument or writing actual letters. People in 1970 could watch TV and call their family and friends on their personal landline phones. As we stepped into the 21st century, our options expanded, even in the year 2000. While we were yet to learn about MySpace or Facebook, AIM and MSN were already in use. If you lived in those times, video calls and group video chats could only be imagined. Not anymore. In 2020, we have more options than we can count. Skype, Facebook Messenger, FaceTime, Google Hangouts, Marco Polo, and WhatsApp are just a few tools that can make it easy to connect with the loved ones. Houseparty is another important player in the game, but recently this group chat app has been gaining a not so stellar reputation.
Hackers are exploiting the quarantine and self-isolation
There are quite a few countries in this world that have not yet been impacted by the COVID-19 pandemic, but if you live in Australia, Europe, or North America, the chances are that you are in quarantine. Perhaps, you’ve been self-isolating for over a month now. Even though a lot of people have the option to work from home, there’s still more free time than ever, and because people cannot meet up with friends, family, and colleagues face-to-face, they are relying more frequently on software and mobile apps that can alleviate social isolation. In fact, companies across the board are sharing an increase in user numbers. For example, Microsoft revealed that it saw a 220% increase in Skype-to-Skype calls. Zoom suddenly increased its active user base by 21%. This is not at all surprising because it is only natural that people need a way to connect to one another, and most apps these days enable users to do that for free.
Unfortunately, cybercriminals are creatures of opportunity, and once they figured out how people around the globe changed their habits during the pandemic, they adjusted their own behavior as well. For example, it was reported recently that cybersecurity experts have seen a 4,000% increase in phishing emails that spread ransomware, and these emails are often using COVID-19 to attract gullible people. Zoom’s reputation became shaky when 530,000 user account details were leaked and sold online. It seems that cybercrooks are ready to tackle any and every platform that people become more interested in. Unfortunately, because social-networking apps are now used more than ever before, the attackers are working hard to find ways to attack them too. Users of the Houseparty app are now claiming that it has been exploited to hack their Netflix, Spotify, PayPal, social media, and even online banking accounts.
Can Houseparty be blamed?
In late March and the beginning of April, tweets have started to emerge suggesting that as soon as Android and iOS users install Houseparty, their social media and other personal accounts get hacked.
If anyone has the houseparty app I highly suggest you delete it asap. Spotify/banks/facebooks/snapchats have been hacked into and transactions have been made from peoples accounts. My Spotify has been accessed in other countries despite changing passwords/emails! #housepartyhack
— kiralee❀ (@hesgoIden_) April 10, 2020
since houseparty was hacked and my twitter account just so happened to be linked this happened. luckily i have 2FA so no one can get in but jesus christ be carful and delete your hp acc #housepartyhack pic.twitter.com/tTThnhabsE — TICKETS TO MY DOWNFALL???????? (@cheyennejeanha1) April 12, 2020
Houseparty was quick to respond stating that their app was secure: “All Houseparty accounts are safe - the service is secure, has never been compromised, and doesn’t collect passwords for other sites.” Also, they suggested that someone was conducting a smear campaign to harm the reputation of the company. Houseparty went as far as to offer a $1,000,000 reward for anyone who could find the alleged perpetrator.
All Houseparty accounts are safe - the service is secure, has never been compromised, and doesn’t collect passwords for other sites. — Houseparty (@houseparty) March 30, 2020
We are investigating indications that the recent hacking rumors were spread by a paid commercial smear campaign to harm Houseparty. We are offering a $1,000,000 bounty for the first individual to provide proof of such a campaign to firstname.lastname@example.org.
— Houseparty (@houseparty) March 31, 2020
So, what is actually going on? Is Houseparty app safe to use? At this point, there is no proof that the app got hacked or that the company has leaked personal user data. That being said, if you found your Netflix password, PayPal password, Spotify password, or any other personal password hacked after downloading the app, you need to think about one particular thing – did you reuse a password? Unfortunately, although cybersecurity experts keep on pushing to set up unique and strong passwords for every account used, people are often overwhelmed by the sheer number of passwords that they need to remember, and that is why they often choose to reuse them. Even rotating passwords is incredibly dangerous because if, for example, a Houseparty password that is funfun123 is hacked, a Netflix password that is funfun1234 will not be safe. It takes milliseconds for cybercriminals to brute-force such weak passwords.
Shona Ghosh at Businessinsider spoke to a representative of Houseparty, who said: “As a general rule, we suggest all users choose strong passwords when creating online accounts on any platform. Use a unique password for each account, and use a password generator or password manager to keep track of passwords, rather than using passwords that are short and simple.” It would seem that Houseparty is looking at the incident as a coincidence and that it is putting the blame on potentially careless users, who are reusing passwords or setting weak passwords to begin with.
What to do if your Netflix password, PayPal password, or Spotify password was hacked?
The first thing you need to do is change the password. Unfortunately, some users are sharing that their email accounts were hacked, and that means that getting back into the hacked accounts can be difficult. That is if your social media and other personal accounts are linked to your email account and you rely on it to receive password reset links or two-factor authentication codes. Hopefully, you can access your account controls to change passwords and make your accounts stronger overall. We have guides on how to reset the PayPal password, the Netflix password, the Spotify password, and passwords for many other popular services. When changing the password, you have to be mindful. Since every password you own has to be long, hard-to-remember, complex, and contain a variety of characters and symbols, we believe it is best to employ a password generator. The Cyclonis Password Manager has this tool built-in, and if you want to give it a go, click the link above.
In conclusion, whether or not the Houseparty app is safe to use, you have to do your part in making sure that your personal accounts are secure. Do NOT reuse/recycle/rotate passwords and do not use simple, easy-to-remember combinations that even amateur hackers could guess or brute-force. Also, remember to use all available security measures that service providers can offer. For example, if you are offered to set up two-factor or multi-factor authentication, the question is not should you. It’s how should you do it as soon as possible.