Home Design website Houzz suffered a data breach

The home remodeling and design platform Houzz informed customers that it suffered a data breach that exposed some personal information.

The popular home design platform Houzz has suffered a data breach that exposed some personal information.

Houzz has over 40 million monthly unique users, at the time is not clear how many individuals are affected.

The company learned in late December that of an unathorized access to its user data and started notifying its users.

The company discovered that a file containing user data was obtained by an “unauthorized third party.”

“Houzz recently learned that a file containing some of our user data was obtained by an unauthorized third party. The security of user data is our priority. We immediately launched an investigation and engaged with a leading forensics firm to assist in our investigation, containment, and remediation efforts. We have also notified law enforcement authorities.” reads the data breach notification published by the company.

“Out of an abundance of caution, we have notified all Houzz users who may have been affected.”

The company is investigating the issue to discover how hackers obtained the data, it notified law enforcement and hired a forensics firm to assist it.

“Our security team has a number of ways to learn about potential security vulnerabilities, including our own active methods and third-party reporting.” continues the notification.

The file obtained by the unauthorized third party included information such as name, city, state, country, description and also some internal identifiers used by Houzz systems

The company revealed that exposed data also included usernames, password hashes, IP addresses, and user’s Facebook ID in case the users accessed to the platform through Facebook.

Hackers did not access social security numbers or financial information.

The company suggest users reset the password and revealed that it uses a unique salt for each password.

“You may reset your password at https://www.houzz.com/changePassword. Please note that in order to reset your password, you will need to have access to the email address that is associated with your Houzz profile.” continues the notification.

“We do not believe that any passwords were compromised because we do not actually store passwords except in a one-way encrypted form that is salted uniquely per user. However, we recommend changing your password on any other sites or accounts where you used the same login information that you used for Houzz. It is generally best practice to use a unique password for each service.”

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – data breach, hacking)

[adrotate banner=”5″] [adrotate banner=”13″]