Home Design website Houzz suffered a data breach

The home remodeling and design platform Houzz informed customers that it suffered a data breach that exposed some personal information.

The popular home design platform Houzz has suffered a data breach that exposed some personal information.

Houzz has over 40 million monthly unique users, at the time is not clear how many individuals are affected.

The company learned in late December that of an unathorized access to its user data and started notifying its users.

The company discovered that a file containing user data was obtained by an “unauthorized third party.”

“Houzz recently learned that a file containing some of our user data was obtained by an unauthorized third party. The security of user data is our priority. We immediately launched an investigation and engaged with a leading forensics firm to assist in our investigation, containment, and remediation efforts. We have also notified law enforcement authorities.” reads the data breach notification published by the company.

“Out of an abundance of caution, we have notified all Houzz users who may have been affected.”

The company is investigating the issue to discover how hackers obtained the data, it notified law enforcement and hired a forensics firm to assist it.

“Our security team has a number of ways to learn about potential security vulnerabilities, including our own active methods and third-party reporting.” continues the notification.

The file obtained by the unauthorized third party included information such as name, city, state, country, description and also some internal identifiers used by Houzz systems

The company revealed that exposed data also included usernames, password hashes, IP addresses, and user’s Facebook ID in case the users accessed to the platform through Facebook.

Hackers did not access social security numbers or financial information.

The company suggest users reset the password and revealed that it uses a unique salt for each password.

“You may reset your password at https://www.houzz.com/changePassword. Please note that in order to reset your password, you will need to have access to the email address that is associated with your Houzz profile.” continues the notification.

“We do not believe that any passwords were compromised because we do not actually store passwords except in a one-way encrypted form that is salted uniquely per user. However, we recommend changing your password on any other sites or accounts where you used the same login information that you used for Houzz. It is generally best practice to use a unique password for each service.”

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – data breach, hacking)

[adrotate banner=”5″] [adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.