A week ago, Aesha Jean Scott downloaded the app Houseparty to keep in touch with mates while on lockdown. Everyone she knew was doing the same thing. A few days later, the Kiwi reality TV star was alerted to suspicious logins on her Google and Apple accounts, and wondered if Houseparty was to blame.
“They said someone had logged into my iCloud and I freaked out a bit because I don’t want someone going through all my pictures and stuff,” she told PEDESTRIAN.TV.
“It was weird because it happened at the exact same time that all of these reports were coming out that everyone’s being hacked by Houseparty.”
Over the past few days, countless Twitter and Instagram users have urged others to delete the app after claims of being hacked. Users pointed to suspicious logins on Spotify, Netflix and PayPal accounts which they say happened shortly after signing up for Houseparty.
⚠️ Heads up if you’re using the houseparty app ⚠️ pic.twitter.com/5ZlMDgyhNn
— b.b (@benoobrown) March 30, 2020
Scott asked her 150,000+ Instagram followers if she should delete the app. The response proved she wasn’t alone.
“I got so many messages from people saying that three or four of their friends have all had about $2,000 taken from the bank account or PayPal – my bank password was the first thing that I changed,” she said.
“Pretty much everyone I know has deleted the app, so there’s been a very swift rise and swift decline from there.”
Houseparty have denied all claims about hacking, data breaches and malicious activity. The company, which is owned by Fortnite creator Epic Games, has since offered a US$1 million (AU$1.6 million) bounty to anyone who can provide evidence of what it alleges to be “a paid commercial smear campaign to harm Houseparty.”
“We’ve found no evidence to suggest a link between Houseparty and the compromises of other unrelated accounts and we don’t know where or how it originated,” a spokesperson for the company told PTV on Tuesday.
Experts agree, arguing that there is no evidence to connect Houseparty with suspicious logins on other apps. Dr. Nick Patterson, a senior lecturer and cybersecurity researcher at Deakin University, told PTV the screenshots being shared on social media might be evidence of hacking, but don’t prove any relation to Houseparty.
“It is possible Houseparty is doing this, but my opinion would be that it’s very low or at least they don’t know about it,” he said.
“Some people are saying, ‘oh wow my Netflix password got changed, it’s Houseparty’s fault,’ but it’s incredibly hard to determine that for a layman user.”
Patterson said the idea that Houseparty is behind the alleged hacks would be like “robbing a bank with no mask on”. He said a more likely case – if anything malicious even happened at all – would be that a rogue, disgruntled employee stole user data. It’s also theoretically possible for an “elite hacker” to access the app’s servers without the company knowing, he added.
At the time of the incident, Scott said she had been using the same email and passwords for most of her accounts. It’s a vulnerability Patterson said was widely exploited in the 2014 celebrity hacking scandal.
“iCloud and Gmail accounts have been compromised before in the recent celebrity phone hacking scandals, and that did not come from the use of a specific app. Typically these hackers break into the main email account of the user and from there can compromise everything attached to that,” Patterson said.
“They usually get in by guessing weak passwords, by guessing high school or mother’s maiden name questions, or they can sometimes use password guessing tools, or simply infect the individual’s phone with remote access malware.”
Scott freely admits she can’t be certain Houseparty caused the suspicious logins on her accounts. “Obviously I can’t prove that’s what it’s from, but it is very coincidental,” she said.
In Australia, there has been no official investigation into the hacking claims. A spokesperson for the ACCC said Scamwatch had not received any reports mentioning the app, but did suggest that concerned users use strong and unique passwords, making sure different passwords are used for different accounts.
Scott said this was the same lesson she took away from the debacle too. “I hadn’t changed my passwords in so long, so it’s kind of good to get a kick up the butt to change things around,” she said.