The popular home design platform Houzz has suffered a data breach that exposed some personal information.
Houzz has over 40 million monthly unique users, at the time is not clear how many individuals are affected.
The company learned in late December that of an
The company discovered that a file containing user data was obtained by an “unauthorized third party.”
“Out of an abundance of caution, we have notified all Houzz users who may have been affected.”
The company is investigating the issue to discover how hackers obtained the data, it notified law enforcement and hired a forensics firm to assist it.
“Our security team has a number of ways to learn about potential security vulnerabilities, including our own active methods and third-party reporting.” continues the notification.
The file obtained by the unauthorized third party included information such as name, city, state, country, description and also some internal identifiers used by Houzz systems
The company revealed that exposed data also included usernames, password hashes, IP addresses, and user’s Facebook ID in case the users accessed to the platform through Facebook.
Hackers did not access social security numbers or financial information.
“You may reset your password at https://www.houzz.com/changePassword. Please note that in order to reset your password, you will need to have access to the email address that is associated with your Houzz profile.” continues the notification.
“We do not believe that any passwords were compromised because we do not actually store passwords except in a one-way encrypted form that is salted uniquely per user. However, we recommend changing your password on any other sites or accounts where you used the same login information that you used for Houzz. It is generally best practice to use a unique password for each service.”