Stories
Slash Boxes
Comments

SoylentNews is people

Houzz.com Data Exposed 49 Million Users in 2018

posted by martyb on Thursday March 14 2019, @03:16AM   Printer-friendly
from the talk-about-unwanted-houzz-guests dept.

RandomFactor writes:

The housing design site Houzz.com suffered a breach in 2018 that exposed, for 49 million users:

Certain publicly visible information from a user's Houzz profile only if the user made this information publicly available (e.g., first name, last name, city, state, country, profile description)
Certain internal identifiers and fields that have no discernible meaning to anyone outside of Houzz (e.g. country of site used, whether a user has a profile image)
Certain internal account information (e.g., email address, user ID, prior Houzz usernames, one-way encrypted passwords salted uniquely per user, IP address, and city and ZIP code inferred from IP address) and certain publicly available account information (e.g., current Houzz username and, if a user logs into Houzz through Facebook, the user's public Facebook ID)

The company learned of the breach in December and notified users in February.

User passwords were reset at that time and the company published an FAQ on their website.

Data on this was has now been provided to that site we all love to check, HaveIBeenPwned

As of this submission - The breach is listed on HaveiBeenPwned's RSS feed here but the breaches page of pwned websites does not yet list it.

[Are there any Soylentils who have NOT had private information leaked/breached? From a different perspective, how many times has your data been pwned? What, if anything did/could you do about it? -Ed.]

Original Submission

 
This discussion has been archived. No new comments can be posted.
Houzz.com Data Exposed 49 Million Users in 2018 | Log In/Create an Account | Top | 8 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by MichaelDavidCrawford on Thursday March 14 2019, @04:10AM (1 child)

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Thursday March 14 2019, @04:10AM (#814053) Homepage Journal

    That's the _specific_ reason I regard single sign-on as morally reprehensible. I never ever ever sign on with Facebook nor Twitter; if as with Medium I have no other choice then I do not sign in at all.

    That right there - the correlation of my nick among multiple websites - as my Line In The Sand that simple must not be crossed.

    It's not like my own nick is any manner of national defense secret but there are a great many people for which their own nicks really are: concerns of national security, in the specific cases of political activists such as Occupy Wall Street enthusiasts.

    I remain puzzled as to how to convince their sorry lot how to stop organizing through Facebook and Gmail. That's just like delivering themselves personally to the Manhattan Borough Jail.

    --
    Yes I Have No Bananas. [gofundme.com]
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 1, Informative) by Anonymous Coward on Thursday March 14 2019, @09:32AM

    by Anonymous Coward on Thursday March 14 2019, @09:32AM (#814124)

    That's just like delivering themselves personally to the Manhattan Borough Jail.

    Just to clarify, it's the Manhattan Detention Complex. More popularly known as The Tombs [wikipedia.org].

    You left coasters just don't understand New York. Just sayin'...