Houseparty denied it had been hacked... while miscreants were abusing its dot-com domain name infrastructure

2020-05-20 15:00

While some tweets taking aim at Houseparty appear to be dubious, evidence of any smear campaign has yet to surface, and it appears the $1m bounty has not been awarded.

The Register twice asked Houseparty to confirm this.

Nor was any bug bounty paid to security researcher Zach Edwards after he found that Houseparty's domain infrastructure had been hijacked and abused to distribute malicious content.

The Register understands that Houseparty views the issue as a website misconfiguration issue and has taken steps to fix its domain infrastructure.

Asked to comment on Edwards's claims, a Houseparty spokesperson said: "The world trusts Houseparty to connect them when they need it most and we won't let them down. We received the individual's correspondence attempting to claim the bounty and thoroughly reviewed it to confirm that it was not founded. The individual has not provided a proof of concept for his theoretical bug, which is required by all bug bounty programs. The Houseparty app is safe for use on any mobile device and is protected by industry trusted encryption, so your data and your experience are protected." .

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/20/houseparty_subdomain_hijack/

#hacked #houseparty #infrastructure