03 April 2020

IRM Weekly Cybersecurity Roundup: Houseparty hack concerns and more

Want the IRM weekly cybersecurity roundup sent straight to your inbox? Sign up to our newsletter.

Houseparty hack concerns

Houseparty hack app

In recent weeks, the Houseparty video chat app has soared in popularity due to its fun game functionality.

Despite its popularity, a series of reports on social media appear to claim that there has been a Houseparty hack, as many of its users experienced strange activity on other media accounts like Netflix and Facebook.

There is little evidence of the Houseparty hack claims and the app makers have claimed it’s untrue. Instead, indicating that it was a “paid commercial smear to harm Houseparty”.

The app maker, Epic Games, has even offered up a $1 million reward to whoever could prove the commercial smear theory.

Many users are put off by the 12,000+ word privacy policy which lays out the ways in which the app makers will use your data for commercial and promotional purposes.

You can read more here.

Video conferencing platforms targeted by criminals

Cautions have been given over the unguarded use of video conferencing platforms such as Zoom, Microsoft Teams, Slack and Cisco WebEx.

With the obvious increase in remote workers using these tools to communicate with their colleagues, cybercriminals are targeting these platforms to gain access to meeting details and conversations.

Particular concern has been raised over the Zoom meeting platform, as the Broadcast Audience Research Council was hosting a virtual conference on the platform and had to end the meeting because of a “hacking episode”.

Advice to ensure you stay protected on video conferencing platforms include: ensuring the software is patched and up-to-date and setting strong passwords. You can also add in a ‘waiting room’ feature which gives the meeting organiser more control over who joins the meeting.

You can read more here.

Marriott tangled up in another data breach

Marriott HotelsMarriott has announced another potential data breach, affecting up to 5.2 million customers’ personal details.

The company has confirmed that guests’ names, addresses, birth dates, emails, phone numbers and loyalty reward program numbers for the hotel chain and airline partners could have been compromised. Marriott couldn’t clarify whether sensitive information like passwords and passport information was exposed too.

The data breach was noticed because they saw an uptake in the unusual amount of guest data accessed through an in-house application they use to track customers. They noticed this in late February but it’s thought this activity actually began in mid-January.

This is the third information security breach the hotel chain has experienced in the last 18 months.

You can read more here.

Morrisons win data breach ruling

Morrisons has won its Supreme Court appeal over the liability for a data breach from 2014.

The breach involved a disgruntled employee leaking staff details (including salaries) on the internet and Morrisons were initially named as being legally responsible for the data leak.

They have since appealed to the Supreme Court and it was ruled this Wednesday that the rogue employee was not conducting work business when he committed the illegal data breach, therefore the company could not be held liable for his actions.

You can read more here.

Quick-Fire Updates

Gambling sites taken down by cyber-attack: Numerous gambling sites across America and Europe were taken down by a suspected DDoS attack at the end of last week. Read more here.

COVID-19 sees cyber-attacks up by 37%: within the last month, according to the latest data. Some security firms have claimed they are blocking between four and six times more attacks compared to normal. Read more here.

To learn more about how IRM supports organisations with their cybersecurity challenges, visit the ‘Cybersecurity Services’ section of our website.