- People are complaining on social media that their PayPal, Netflix, and Spotify accounts were hacked and blaming Houseparty.
- But Houseparty said it had seen no evidence of a breach and advised people not to reuse the same usernames and passwords across different accounts.
- Houseparty has exploded in popularity as people use the app to make group video calls during coronavirus lockdowns.
- Visit Business Insider’s homepage for more stories.
Houseparty users are complaining on social media that they’ve been hacked, reporting that their PayPal, Netflix, Spotify, and online-banking accounts were compromised.
Several tweets, including from verified users, include screenshots of what users say are compromised accounts from Spotify and other services. These users blamed Houseparty.
Houseparty has surged in popularity as a way of keeping in touch with friends and family during coronavirus restrictions around the world. The app — which offers group calling, quizzes, and games — launched in 2016 and was acquired by Epic Games in 2019. According to Apptopia data cited by VentureBeat, Houseparty’s downloads surged by 2,000% from mid-February to mid-March.
Asked by Business Insider whether Houseparty had any explanation for account compromises, a spokeswoman said, “We’ve found no evidence to suggest a link between Houseparty and the compromises of other unrelated accounts.”
The spokeswoman added that people shouldn’t use the same username or password across different accounts, a common security mistake.
“As a general rule, we suggest all users choose strong passwords when creating online accounts on any platform,” she said. “Use a unique password for each account, and use a password generator or password manager to keep track of passwords, rather than using passwords that are short and simple.”
There isn’t any evidence that Houseparty got hacked
There is little evidence that Houseparty has in fact been hacked. It isn’t clear how users concluded that Houseparty was the reason their other accounts were compromised, except that it may be the newest service they’ve signed up for.
What’s more likely is that people are reusing credentials and passwords across different accounts. When those details are compromised and leaked or sold, hackers often try entering them across multiple services in what’s known as a “credential stuffing” attack.
Netflix and Spotify are among the top services targeted by hackers globally. Spotify has never acknowledged a breach, but it did reset some people’s passwords in May, hinting at a credential-stuffing attempt.
Spotify and Netflix did not immediately respond to Business Insider’s requests for comment.