Houseparty, the app that found itself in a bright spot of viral user attention owing to the global stay-at-home mandates, has announced a million-dollar bounty for anyone that finds proof that other applications on users' phones were being hacked as a result of the Houseparty app. Responding to a sudden explosion of allegations that a security flaw in the app was causing other services to be remotely infiltrated by hackers, Houseparty sent out an official response on Twitter earlier today, saying:
"We are investigating indications that the recent hacking rumors were spread by a paid commercial smear campaign to harm Houseparty. We are offering a $1,000,000 bounty for the first individual to provide proof of such a campaign to [email protected]. We have spent the past few weeks feeling humbled and grateful that we can be such a large part of bringing people together during such a hard time."
We are investigating indications that the recent hacking rumors were spread by a paid commercial smear campaign to harm Houseparty. We are offering a $1,000,000 bounty for the first individual to provide proof of such a campaign to [email protected].? Houseparty (@houseparty) March 31, 2020
Houseparty's denial of a hack or a breach of its protocols comes in line with cyber security researchers claiming that there is indeed no proof of a vulnerability in the source code of the Houseparty app, which may enable remote access attackers to exploit other devices too. Manan Shah, chief executive of cyber consultancy firm Avalance Global Solutions, told News18 that there is no proof of such vulnerabilities in the Houseparty app, and although similar cyber crime activities may be on the rise globally, the same may not be directly linked to the Houseparty app.
Similar thoughts are echoed by John Shier, senior security advisor at Sophos, who attempts to clarify the reasons behind Houseparty facing the sudden flak. In a statement shared with News18, he says, "One likely scenario is that the Houseparty app is the last app many users may have installed and registered using the same credentials as other apps, such as Netflix, Spotify and countless others. Criminals are constantly using old, compromised credentials to access online services in credential stuffing attacks. Correlating these two events seems to be what's causing all the fuss."
Another great sentence from their privacy policy! The "méchant" (bad) Internet could collect your personal data.House Party doesn't take responsibility for securing its information systems. Regardless, such declaration is unenforceable under GDPR. pic.twitter.com/ePFATL1ciQ? Suzanne Vergnolle (@SuVergnolle) March 22, 2020
A second clause from Houseparty's privacy clause reveals an even more worrying approach, which states, "The internet cannot be guaranteed to be 100 percent secure, and we cannot ensure or warrant the security of any information you provide to us. We do not accept liability for unintentional disclosure." In other words, any data that Houseparty collects about you is almost certainly gone from your hands, and the very presence of such clauses make good reason to not trust a service that blatantly disregards the information and privacy of its users.
Houseparty's app has also caused instances of online bullying, where the nature of the group chats often mean that users with malicious intent can enter into a chatroom, and leave visuals or comments that may include racial abuse, and in many ways, even pornographic content. As of now, such instances are said to have remained unchecked by Houseparty. With such incidents happening on the app, and its privacy policy largely non-compliant to the European General Data Protection Regulation (GDPR) laws, it would seem difficult to put faith in a service that has so far not even attempted to hide its gaping privacy loopholes.
As a user, you should be warned — while using the Houseparty app will indeed bring you closer to your friends, you might just be putting your own, and your friends' privacies at risk.
Comments
0 comment