Home Improvement Site Houzz Suffers Data Breach
Phil Muncaster | February 04, 2019
Home improvement site Houzz has announced a data breach affecting an unspecified number of customers, but claimed that follow-on identity theft is “highly unlikely.” The firm — which claims to have over 40 million homeowners, home design enthusiasts and home improvement professionals on its books — said it learned about the incident in late December 2018. However, a Houzz spokesperson clarified to Infosecurity: “We have complied with our reporting obligations under GDPR by notifying the UK ICO within the period required by GDPR. We also have voluntarily notified users out of an abundance of caution.” The California-headquartered business said an unauthorized third party gained access to a file containing user data. This included: user ID, prior Houzz user names, one-way encrypted passwords “salted uniquely per user,” IP address, and city and postcode inferred from IP address. Also exposed in the breach were publicly available account details like Houzz user name and/or Facebook ID. Finally, if the user had made the following info publicly visible, then first name, last name, city, state, country and profile description could also be compromised.