Makers of suddenly popular video chat app Houseparty are offering a $1.6 million (US$1 million) bounty to anybody who can prove it was targeted by a smear campaign after rumours spread online claiming the app was responsible for a recent wave of hacking.
Twitter posts went viral – and were subsequently removed from the platform – claiming Houseparty, a company owned by Fortnite developer Epic Games, was hacking user accounts on other social media networks and could access banking apps.
Suddenly the internet was awash with rumours that the chart-topping Houseparty app was unsafe and had to be immediately deleted.
Anecdotal evidence included screenshots of emails from the likes of Snapchat, Spotify, Instagram, and Netflix saying that a user’s password had been changed or there had been suspicious activity on the account.
Aside from people having recently installed the Houseparty app, there was no proof that the app was indeed the culprit.
Houseparty dismissed the rumours and claimed it was victim of a “paid commercial smear campaign to harm Houseparty” and offered a $1.6 million bounty for the first person who could prove existence of the claim.
We are investigating indications that the recent hacking rumors were spread by a paid commercial smear campaign to harm Houseparty. We are offering a $1,000,000 bounty for the first individual to provide proof of such a campaign to firstname.lastname@example.org.— Houseparty (@houseparty) March 31, 2020
If you can prove a paid campaign to tarnish Houseparty’s name, email email@example.com and claim your prize.
First released in 2016, Houseparty gained a meteoric rise in popularity recently due to lockdowns forced by the coronavirus outbreak.
The app easily lets multiple people join a room for video conferences and includes games that can be played within the app.
Its ease of access and fun user experience has made Houseparty the go-to app for people looking for group video calls in a more casual setting and is currently the number one free app on the Apple Store – just ahead of Australia’s official coronavirus app.
So far, there is no hard evidence that the app steals data or has a bug that can be easily exploitable by bad actors.
Cybersecurity firm Sophos said in a blog post it was possible, in theory, that Houseparty was being exploited to gain access to other user accounts – although it is unlikely – but added that deleting the app, like people have said you should do, would not solve your cybersecurity woes.
“After all, if any of this ‘hacking’ behaviour is not down to Houseparty, which is a mainstream app published by a well-known software company in Apple’s and Google’s official online stores, then deleting the app and feeling virtuous about closing your account is not going to help you, because you will still be at risk but will think you aren’t,” Sophos APAC head of technology, Paul Ducklin, said in the post.
Ducklin even suggests that screenshots which supposedly confirmed hacking activity “might themselves be phishing attacks in which the crooks send you a fake Neflix notification to trick you into revealing your password”.