The home improvement company learned of a new breach in its platform by an ‘unauthorized third party’, impacting user data.
Houzz has said that it is working with both its internal security team as well as a forensics firm to investigate the incident.
A data breach has been reported by Houzz in its platform on January 31. The home improvement company mentioned that an ‘unauthorized third party’ broke into its system and might have impacted its user data. As a result, it has alerted users to change their account credentials such as passwords post this breach, via email.
Interestingly, Houzz came to know about this incident in late December 2018 but disclosed this last week. In their security update blog, the company stated that it was working with a leading forensics firm to assist in the investigation of the breach. Furthermore, Houzz has informed the law enforcement authorities about the breach.
What information is affected?
Houzz reported the following three types of information that was affected in the breach.
Publicly visible information of a user’s profile if he/she has made it public.
Internal identifiers & fields.
Internal account information such as one-way encrypted passwords, IP addresses, and Facebook IDs, among others.
However, Social Security numbers or payment-related information was not involved in this breach. “This incident does not affect sensitive personal information like Social Security numbers or payment card, bank account, or other financial information, so it is highly unlikely that your identity could be stolen as a result,” the company blog read.
The blog also mentioned that only some of its users were affected by this breach.
Moreover, the company stated that, “We do not believe that any passwords were compromised because we do not actually store passwords except in a one-way encrypted form that is salted uniquely per user.” But the users are recommended to change their password on any other site where they used the same password as for Houzz.