Startups
Houzz resets user passwords after data breach
Houzz, a $4 billion-valued home improvement startup that recently laid off 10 percent of its staff, has admitted a data breach.
A reader contacted TechCrunch on Thursday with a copy of an email sent by the company. It doesn’t say much — such as when the breach happened, what was stolen, or if a hacker to blame or if it was a data exposure that the company could’ve prevented.
Houzz spokesperson Gabriela Hebert would not comment beyond an FAQ posted on the company’s website, citing an ongoing investigation.
In that FAQ, the company said it “recently learned that a file containing some of our user data was obtained by an unauthorized third party.” It added: “We immediately launched an investigation and engaged with a leading forensics firm to assist in our investigation, containment, and remediation efforts.”
The company said it was notifiying all of its users who may have been affected.
An email from a Houzz user. (Image: supplied)
Houzz said some publicly visible information from a user’s Houzz profile, such as name, citiy, state, country and profile description, along with internal identifiers and fields “that have no discernible meaning to anyone outside of Houzz,” such as the region and location of the user and if they have a profile image, for example, the company said.
The company also said that usernames and scrambled passwords were also taken.
Houzz said that the passwords were scrambled and salted using a one-way hashing algorithm, but did not provide specifics on what kind of hashing algorithm was used. Some algorithms, like MD5, are old and outdated but still in use, while newer hashing algorithms — like bcrypt — are stronger and can be more difficult to crack, depending on the number of rounds the passwords go through.
Regardless, the company recommended users change their passwords.
No financial information was taken, according to the FAQ.
The company was last year among many mocked for sending out emails to users alerting them of mandatory changes to their privacy policies ahead of the 2018-introduced EU General Data Protection Regulation (GDPR) law, saying it “value[s]” its customers privacy. “Their opening lines offer a glimpse of the way legal policy and user experience are colliding under the new regulations,” said Fast Company.
But it’s not clear if the company will face penalties — up to four percent of its global revenue — as a result of the regulation, only that the company “notified EU authorities within the statutory period,” said the spokesperson.
Another day, another breach.
‘Spellbound’ review: Netflix’s animated adventure finds its magic right at the end
2024 Black Friday ads: Greatest deals from Target, Greatest Buy, Walmart, Kohls, and more
Greatest Amazon Black Friday deals: Early savings on Fire TVs, robot vacuums, and MacBooks
A24 is selling chocolate now. But what would their films actually taste like?
New teen video-viewing guidelines: What you should know
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
How to watch ‘Smile 2’ at home: When is it streaming?
Black Friday 2024: The greatest early deals in Australia – live now
‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
Earth’s mini moon could be a chunk of the big moon, scientists say
‘Venom: The Last Dance’ review: Half a great, stupid movie
‘Here’ review: Robert Zemeckis, Tom Hanks, and Robin Wright reunite
The 34 greatest Australian horror films (and where to watch them)
Menendez brothers case reignites online: The questions that keep resurfacing
How to watch the 2024-2025 NBA season without cable: The greatest streaming deals
Election 2024: The truth about voting machine security
Halloween 2024: Weekend debates, obscure memes, and a legacy of racism
‘Only Murders in the Building’ Season 4 ending explained: Who killed Sazz and why?
‘Dragon Age: The Veilguard’ review: BioWare made a good game again
‘Wallace and Gromit: Vengeance Most Fowl’ review: A delightful romp with an anti-AI streak
‘Spellbound’ review: Netflix’s animated adventure finds its magic right at the end
2024 Black Friday ads: Greatest deals from Target, Greatest Buy, Walmart, Kohls, and more
Greatest Amazon Black Friday deals: Early savings on Fire TVs, robot vacuums, and MacBooks
A24 is selling chocolate now. But what would their films actually taste like?
New teen video-viewing guidelines: What you should know
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
How to watch ‘Smile 2’ at home: When is it streaming?
Black Friday 2024: The greatest early deals in Australia – live now
‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
Earth’s mini moon could be a chunk of the big moon, scientists say
-
Entertainment7 days ago‘Interior Chinatown’ review: A very ambitious, very meta police procedural spoof
-
Entertainment6 days agoEarth’s mini moon could be a chunk of the big moon, scientists say
-
Entertainment7 days agoX users are fleeing to BlueSky: Here’s a quick-start guide on how to sign up
-
Entertainment6 days agoThe space station is leaking. Why it hasn’t imperiled the mission.
-
Entertainment5 days ago‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
-
Entertainment4 days agoBlack Friday 2024: The greatest early deals in Australia – live now
-
Entertainment3 days agoHow to watch ‘Smile 2’ at home: When is it streaming?
-
Entertainment3 days ago‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
