Data stolen in hack of home improvement site Houzz
Home improvement site Houzz has suffered a data breach, with an unknown amount of user information stolen.
The hack, discovered in late December but only revealed on Friday, involved the theft of profile information, including name, city, state, country and profile description, along with internal identifiers such as the user's region and location and whether the user has a profile image.
Houzz added that usernames and encrypted passwords were stolen as well. The hack did not involve the theft of Social Security numbers or payment card, bank account, or other financial information.
The company provided no details as to how the hack took place, saying on an FAQ page that it “continue(s) to investigate the incident both with our internal team and with a leading forensics firm.” Affected users have been notified by email and asked to reset their passwords as a precaution.
@troyhunt FYI, web site @houzz got hacked. Just got this email notice. pic.twitter.com/QKB7iUGu1W
— Stewart Rand (@stewssr) January 31, 2019
Houzz is a 10-year-old forum and home improvement service that connects people with services in home remodeling, architecture, interior design, decorating, landscaping and home improvement. The company was valued at $4 billion as of its last venture capital fundraising and has raised $613.6 million to date, meaning it can afford to implement decent security.
Tim Erlin, vice president of product management and strategy at Tripwire Inc., told SiliconANGLE that although it might not be clear how this sensitive data was obtained, it’s a good example of the risks of password reuse.
“If you used the same password for your Houzz account that you used for a more sensitive account, then you’ve put that more sensitive account at risk as well,” Erlin explained. “Using unique passwords is a good way to protect yourself from this type of risk.”
Using multi-factor authentication is another way to reduce the risk, he added. “The internet is all about connection, and sometimes those connections work to the advantage of attackers,” he said.