Interested in learning more about privacy and data breach trends? Watch the free, on-demand

https://siliconangle.com/2019/02/03/data-stolen-hack-home-improvement-site-houzz/

Home improvement site Houzz has suffered a data breach, with an unknown amount of user information stolen.

The hack, discovered in late December but only revealed on Friday, involved the theft of profile information, including name, city, state, country and profile description, along with internal identifiers such as the region and location of the user and whether each has a profile image.

Houzz added that usernames and encrypted passwords were stolen as well. The hack did not involve the theft of Social Security numbers or payment card, bank account, or other financial information.

The company provided no details as to how the hack took place, saying on an FAQ page that it “continue(s) to investigate the incident both with our internal team and with a leading forensics firm.” Affected users have been notified by email and asked to reset their passwords as a precaution.

Houzz is a 10-year-old forum and home improvement service that connects people with services in home remodeling, architecture, interior design, decorating, landscaping and home improvement. The company was valued at $4 billion as of its last venture capital fundraising and has raised $613.6 million to date, meaning it can afford to implement decent security.

Tim Erlin, vice president of product management and strategy at Tripwire Inc., told SiliconANGLE that although it might not be clear how this sensitive data was obtained, it’s a good example of the risks of password reuse.

“If you used the same password for your Houzz account that you used for a more sensitive account, then you’ve put that more sensitive account at risk as well,” Erlin explained. “Using unique passwords is a good way to protect yourself from this type of risk.”

Using multi-factor authentication is another way to reduce the risk, he added. “The internet is all about connection, and sometimes those connections work to the advantage of attackers,” he said.

Image: Houzz

Home improvement site Houzz has announced that it suffered a data breach in which third-parties gained access to a file containing publicly visible user data as well private account information.

The company explained to users in an email that an unauthorized third-party obtained access to a file containing internal account information such as user IDs, email addresses, one-way encrypted passwords, IP addresses, city and zip codes and user's Facebook information.

At this time, it is not clear as to whether Houzz's data was stolen through a hacked system, unsecured database or files or even by an employee. The company has also failed to disclose how this data was used or if it had been distributed or sold on any hacking forums.

• 
  Breaking the credential reuse cycle
  
• 
  Half of malicious emails tied to credential phishing
  
• 
  New 'collection' data dump contains 2.2bn usernames and passwords