Jump to content

Houzz reveals it suffered a data breach


sincity

Recommended Posts

The home improvement site Houzz has announced that it suffered a data breach in which third-parties gained access to a file containing publicly visible user data as well private account information.

The company explained to users in an email that an unauthorized third-party obtained access to a file containing internal account information such as user IDs, email addresses, one-way encrypted passwords, IP addresses, city and zip codes and user's Facebook information.

At this time, it is not clear as to whether Houzz's data was stolen through a hacked system, unsecured database or files or even by an employee. The company has also failed to disclose how this data was used or if it had been distributed or sold on any hacking forums.

All we do know is that in late December of last year, Houzz was informed that a file containing their data was in the possession of third-parties and that the company had hired a forensics firm to find out exactly how the data was stolen.

Credential stuffing

According to a security notice sent out by Houzz, we know that information from user profiles including names, city, state, country and profile description was obtained by third-parties.

Fortunately though, no payment information or social security numbers were part of the data breach.

However, armed with email addresses and encrypted passwords, hackers could decrypt them and utilise Houzz user credentials in credential stuffing attacks where attackers try leaked user names and passwords on other sites to see if the same login information was used.

Users affected by the Houzz data breach should change their passwords immediately and consider using a password manager in the future.

Via Bleeping Computer

  • We've also highlighted the best antivirus to help keep your systems safe online
http://feeds.feedburner.com/~r/techradar/digital-home/~4/GHtlyvoIMws
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...