There’s nothing like a global pandemic to get a hacker’s heart racing. With rising uncertainty in these ‘unprecedented’ times, a perfect storm for cybercriminals has been created: scared, vulnerable people working remotely – some of them for the first time.

WhatsApp usage has increased as people strive to stay connected, but the app has now become a tool for spreading misinformation, some of which has made it into the mainstream media. A recent case of misinformation has been for the recently popularized app, Houseparty, which came under fire for allegedly hacking their users for online banking, PayPal, Netflix and Spotify account details.

Houseparty is owned by the online gaming firm Epic Games, which also owns Fortnite. Epic Games were quick to respond to the claims saying there was “no evidence to suggest a link between Houseparty and the compromises of other unrelated accounts” and even offered a $1,000,000 bounty for the first person to provide proof of a hack. Initial testing by Wandera’s threat ops team revealed no reason to suspect a data breach.

So if Houseparty didn’t hack users, what did happen?

What is more likely is that Houseparty users have had other accounts hacked (Spotify, Netflix…) using breached data lists that include their email addresses and passwords. They see stories circulating about Houseparty being the culprit, so they blame Houseparty too, not the fact that they are using the same passwords for all of their services.

We get it. It’s difficult to remember so many passwords. Even the most tech-savvy can be guilty of password re-use, thinking that they won’t be targeted. This is the wrong way to think. These hacking tools are automated so anyone can be a target. The message here? Choose strong passwords, enforce updates regularly, and don’t use the same passwords for multiple accounts.

A slightly alarming feature of Houseparty is that users can join a virtual ‘room’ without being invited, creating privacy concerns as some users experience lewd content being shared on open groups. This has also been reported from Zoom users, where videoconferencing meetings have been hijacked by “Zoom-bombing”. Unwitting victims were subjected to pornographic and hate images, according to the FBI.

Again, the solution comes down to passwords. To protect yourself, ensure meetings have a passcode, and don’t share the meeting details publicly. If possible, provide the link to your proposed attendees only or use a waiting room to manage attendees. Screen Sharing can be limited to the host only, too.

Zoom has reacted to these stories the “platform was built primarily for enterprise customers – large institutions with full IT support” not the thousands of consumers now using the service for family chats and virtual quiz nights. Zoom committed to fixing these security issues over the next 90 days in a letter from the CEO.

Working from home means that employees have to take more responsibility for cybersecurity protection. The new trend of video conferencing hijacking and interference means that the default access settings need to be configured in a Zero Trust way. We can’t just assume that trolls and miscreants won’t tamper with our technologies, we have to apply default deny and ensure that they are properly secured.