Houzz suffers a huge data breach, asks users to reset password
Home improvement startup Houzz suffered informed its users on Thursday, January 31, that it suffered a data breach. The company has not provided details about the occurrence but contacted its users to encourage them to change their passwords as a precautionary measure to prevent accounts from being compromised.
Houzz informed its users of the breach via email, and additional details are available on the company’s website. According to the company, a file containing user data was obtained by an “unauthorized third party.” Houzz did not go into detail as to how the company was breached. It said that it is currently investigating the situation, with its internal team and a “leading forensics firm” looking into the specifics.
The company also failed to lay out what user information has been compromised. Instead, it details what data “could have been” impacted by the incident. Potentially exposed information includes publicly visible information on Houzz user profiles including names, locations, and personal descriptions; internal identifiers that Houzz uses to classify its users; and encrypted passwords, IP addresses, and ZIP codes. Houzz did emphasize that information including Social Security numbers and payment information was not compromised.
If the information that may have been compromised, passwords are the most concerning. The company said that user passwords are scrambled and salted (which adds additional characters to a stored password to make it harder to decipher) but did not detail what hashing algorithm it uses to protect passwords. It’s hard to say just how secure those stolen passwords are, so it is probably best to heed the company’s advice and change yours if you have a Houzz account.
Houzz said it first learned of the breach in late December 2018. While the company said it “immediately engaged with a leading forensics firm” to look into the incident, but it didn’t inform users until Thursday. Not all users were affected and Houzz specifically contacted those it believes were impacted.
If you are a Houzz user, you can reset your password by visiting the company’s “change password” page. Log in with your email address to change the password. You may also want to consider changing the passwords on other accounts that use the same login information.