4. Houzz Number of records hacked


Date: 17.12.2020
Credential stuffing


According to a security notice sent out by Houzz, information from user profiles, including names, city, state, country and profile description, was obtained by third parties.

Fortunately though, no payment information or social security numbers were part of the data breach.

However, armed with email addresses and encrypted passwords, hackers could crack the passwords and use the Houzz credentials in credential stuffing attacks, in which attackers try leaked user names and passwords on other sites to see whether the same login information was reused.

Users affected by the Houzz data breach should change their passwords immediately and consider using a password manager in the future.

What is Houzz, you might ask? It is a website and online community that caters to homeowners, home design aficionados and home improvement professionals. Among its tools is a marketplace where home improvement companies can advertise and sell their services through its platform.

The company said it discovered the data breach in late December 2018 but it is still unclear if the file was accessed through a hacked system, a rogue employee or through an unsecured database.

Houzz also claims that not all of its customers are affected but it has not revealed the actual number of accounts compromised.

Note: Houzz claims it has over 40 million users.

The information involved in the breach includes:



  • User IDs

  • Publicly available information from a Houzz user profile (first name, last name, city, state, country, profile description)

  • Email addresses

  • One-way encrypted passwords “salted” uniquely per user

  • IP address

  • City and ZIP code derived from the IP address

  • Whether a user logs in via Facebook

  • User’s Facebook ID

Houzz claims the breach does not involve financial information or Social Security numbers.

Additionally, although the “salted” passwords were compromised, Houzz says actual user passwords were not compromised. Note: A “salt” is randomly generated data that is combined with a password before it is one-way encrypted (hashed).
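To illustrate what "salted uniquely per user" means for a leaked password table, here is an added example (not Houzz's code, and not from the original article). It assumes PBKDF2-HMAC-SHA256 and uses constructed accounts; the algorithm Houzz actually used is not stated on this page.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor; tune upward for production
SALT_BYTES = 16


def hash_password(password, salt=None):
    """Return the record a site would store: a per-user salt and the derived hash."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def verify_password(candidate, record):
    """Re-derive the hash with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"),
        bytes.fromhex(record["salt"]), record["iterations"],
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def shared_hashes(records):
    """Group users whose stored hashes are identical (what a leaked table reveals)."""
    by_hash = {}
    for user, rec in records.items():
        by_hash.setdefault(rec["hash"], []).append(user)
    return sorted(sorted(users) for users in by_hash.values() if len(users) > 1)


# Constructed sample accounts: two users chose the same password.
SAMPLE = {"alice": "Spring2019!", "bob": "Spring2019!", "carol": "kitchen-remodel-7"}


def build_tables():
    """Build one table with per-user salts and one with a single shared salt."""
    salted = {u: hash_password(p) for u, p in SAMPLE.items()}
    fixed = bytes(SALT_BYTES)  # weak setup for contrast: one salt shared by everyone
    shared = {u: hash_password(p, salt=fixed) for u, p in SAMPLE.items()}
    return salted, shared


if __name__ == "__main__":
    salted, shared = build_tables()
    print("shared salt  :", shared_hashes(shared))
    print("per-user salt:", shared_hashes(salted))
    print("login check  :", verify_password("Spring2019!", salted["alice"]))
```

Per-user salts hide which accounts share a password and defeat a single precomputed lookup table, but each hash can still be guessed individually, which is why the password reset advice still applies.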

However, as a precaution, it is advising its users to reset their passwords by visiting https://www.houzz.com/changePassword or by going to their account settings.

Houzz has also started email notifications informing its users about the data breach. Here’s what the email looks like:



Due to the incident, the company is now taking further steps to improve its security. Aside from its internal investigation, Houzz has informed law enforcement and has retained the services of a leading security forensics company to look into the matter.



