Popular face-to-face social networking app Houseparty is on the defensive amid claims of a data breach, offering a $1 million bounty for proof of what it believes may be a “paid commercial smear campaign.”
The Twitter account for the app late Monday evening shared notice of the bounty, noting the company is “investigating indications” that the recent reports of its privacy flaws might be the result of someone wishing to harm the platform, which has surged in users during the coronavirus pandemic. One of the original sources of the hacking reports, Twitter user @megycassidy, has appeared to have since deleted their account. Other tweets to allege hacking that have gone viral have also been deleted.
We are investigating indications that the recent hacking rumors were spread by a paid commercial smear campaign to harm Houseparty. We are offering a $1,000,000 bounty for the first individual to provide proof of such a campaign to email@example.com.— Houseparty (@houseparty) March 31, 2020
Twitter users have alleged Houseparty was trying to access other apps on their phone, including Spotify and Netflix. Some users even claimed their online banking accounts were compromised. None of the claims have been definitively proven.
“All Houseparty accounts are safe - the service is secure, has never been compromised, and doesn’t collect passwords for other sites,” Houseparty responded.
Houseparty, launched in 2016 and purchased in 2019 by Epic Games, the company behind the mega-popular video game Fortnite, has boomed in activity in recent weeks as people across the globe have been ordered to stay home in an effort to slow the spread of the coronavirus. The app saw its weekly average downloads jump to 2 million earlier this month, according to data tracked by Apptopia.
But with increased users comes added attention. Video conferencing company Zoom is in the same boat, now facing scrutiny from the New York Attorney General’s office for its data privacy and security practices, according to the New York Times. AG Letitia James sent a letter to Zoom questioning whether the platform’s current security controls can keep up with its surge in users.
Maarten Stassen, partner in the privacy and cyber-security group at law firm Crowell & Moring, says he isn’t aware of another company going to the extent to defend itself like Houseparty has with its bounty offering. “Sabotage is part of the new risks posed by the digital world we all depend on and already happens on a smaller scale, for example, intentionally posting false reviews of restaurants or stores for competitive gain,” he adds.
Apps new to the mainstream, like Houseparty, are also at risk of being blamed for breaches that may just be coincidental, notes Sundeep Kapur, an associate in the privacy and cyber-security practice at law firm Paul Hastings. That’s why privacy experts recommend using different passwords for different services in order to avoid widespread hacking.
“With more user awareness about privacy when using video chat apps, criticism around potentially undue data collection may be the fallout that Houseparty has to deal with, even if they assuage fears that user credentials are stored securely,” says Kapur.