A number of unsubstantiated claims have alleged popular video chat app Houseparty had been breached leading to their Netflix and Spotify accounts being accessed by unknown hackers.
While Houseparty denied it it ever happened, blaming it instead on a smear campaign, it serves as a reminder for the majority of us who remain apathetic about the data we hand over to apps.
While most hacks reported by users are later verified by the company, the Houseparty claims were a little different. A number of tweets reported Houseparty had released their data, leading to their accounts on Netflix, Spotify and PayPal being accessed by hackers. The problem was they did not explain how they knew it was Houseparty who did it, though it’s not to say their claims aren’t real.
Houseparty later denied the claims and said it was offering $US1,000,000 to anyone providing information about the source of the damaging rumours. Gizmodo Australia has contacted Houseparty for further clarification on how it knows the allegations form part of a smear campaign.
PayPal has also denied any accounts were affected by the alleged hacks.
“User accounts are secure and the company has not experienced issues related to this matter,” a PayPal spokeperson said to Gizmodo Australia.
The Houseparty app has faced a huge surge in popularity in the midst of the global coronavirus outbreak, and now some people have claimed there are privacy and hacking concerns related to the app. After a number of people alleged their data had been hacked, Houseparty has came out denying the reports and is putting up a million dollars to find out where the rumours began.Read more
App users give up data for personalised experiences
While many of us would like to think we’d know if we were hacked after signing up for an app, Hugo O’Connor, a privacy expert at CSIRO’s Data61, explained it’s just not that simple.
“Unfortunately, users generally won’t know if a specific application is responsible for leaking their data and personal information unless that application admits to a data breach,” O’Connor said to Gizmodo Australia over email.
“In today’s connected world, consumers are being forced to give up data in order to receive personalised experiences or use basic apps or services, meaning there’s a lot of data out there on a lot of different platforms; many ‘honey-pots’.”
The issue is with new and convenient apps being created everyday by everyone wanting to be the next Facebook or Google or TikTok, our data is becoming more widespread than ever and figuring out where your data was breached can be a tough find.
Houseparty collects data for targeted advertising
“Houseparty’s policies specify that they do use targeted advertisements, meaning that their advertising partner, Life On Air, receives your data in order to deliver these ads,” O’Connor said.
“When a user agrees to the terms and conditions of Houseparty, which most do without reading the full details, the advertising service Life On Air and their subsidiary are free to gather additional information about the user and their friends, and use this data to inform the content they display on their services.”
But Houseparty is not alone in doing this. Many other apps are collecting years of data and it’s unlikely to stop given so many of us do not bother reading the terms and conditions.
“Consumers would be surprised to know that under End User Licensing Agreements, in which data consent is managed, some organisations have kept a backlog of ten years’ worth of geolocation data, recorded at an almost hourly level,” O’Connor said, explaining many users unwittingly accept these agreements when signing up.
“Whether it’s Houseparty or another similar platform, there needs to be a full-scale revamp of data collection requirements and consent management on a broad scale, so organisations are transparent on how, what, where and why they collect data and who has access to that data, giving consumers the ability to make informed decisions.”
Tips for signing up for new apps
After all is said and done, apps will continue to play a big part of our lives and we’re not likely to stop signing up for new ones all of a sudden. What we can aim to do, however, is do our best to be vigilant about what we hand over and not always take the easy route.
“When signing up to any application, it is easy to link other social media accounts such as Facebook and Snapchat. However, this isn’t the safest way to log in to new apps, as the app you’re attempting to download will be given access to your data shared on social media without your knowledge,” O’Connor said.
In these cases, it’s always better to sign up with an email and unique password so in worst case scenarios, your data is ideally siloed.
O’Connor provided some simple tips we should all be following:
- Don’t log in with an existing social media platform
- Create a unique and strong password, and use 2FA
- Avoid sites geolocating you
- Install ad blockers
- Contact the application provider for their data and security policy
- Make sure all information and links come from a reputable source
- Do further research into the application before installing or signing up
Remember, once your data is out there, it’s hard — if not, impossible — to get back. Take that extra minute or two to give yourself the best chance possible.
Back in 2019 Epic Games (of Fortnite fame) acquired an app called Houseparty. It stayed relatively quiet until 2020 when coronavirus saw millions of people stuck at home, looking for new ways to connect with friends and family beyond Zoom and Skype calls.Read more