sincity Posted February 4, 2019 Share Posted February 4, 2019 The home improvement site Houzz has announced that it suffered a data breach in which third-parties gained access to a file containing publicly visible user data as well private account information.The company explained to users in an email that an unauthorized third-party obtained access to a file containing internal account information such as user IDs, email addresses, one-way encrypted passwords, IP addresses, city and zip codes and user's Facebook information.At this time, it is not clear as to whether Houzz's data was stolen through a hacked system, unsecured database or files or even by an employee. The company has also failed to disclose how this data was used or if it had been distributed or sold on any hacking forums.Breaking the credential reuse cycleHalf of malicious emails tied to credential phishingNew 'collection' data dump contains 2.2bn usernames and passwordsAll we do know is that in late December of last year, Houzz was informed that a file containing their data was in the possession of third-parties and that the company had hired a forensics firm to find out exactly how the data was stolen.Credential stuffingAccording to a security notice sent out by Houzz, we know that information from user profiles including names, city, state, country and profile description was obtained by third-parties.Fortunately though, no payment information or social security numbers were part of the data breach.However, armed with email addresses and encrypted passwords, hackers could decrypt them and utilise Houzz user credentials in credential stuffing attacks where attackers try leaked user names and passwords on other sites to see if the same login information was used.Users affected by the Houzz data breach should change their passwords immediately and consider using a password manager in the future.Via Bleeping ComputerWe've also highlighted the best antivirus to help keep your systems safe onlinehttp://feeds.feedburner.com/~r/techradar/digital-home/~4/GHtlyvoIMws Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.