Certain publicly visible information from a user’s Houzz profile only if the user made this information publicly available (e.g., first name, last name, city, state, country, profile description)
Certain internal identifiers and fields that have no discernible meaning to anyone outside of Houzz (e.g. country of site used, whether a user has a profile image)
Certain internal account information (e.g., email address, user ID, prior Houzz usernames, one-way encrypted passwords salted uniquely per user, IP address, and city and ZIP code inferred from IP address) and certain publicly available account information (e.g., current Houzz username and, if a user logs into Houzz through Facebook, the user’s public Facebook ID)
The company learned of the breach in December and notified users in February.
User passwords were reset at that time and the company published an FAQ [houzz.com] on their website.
Data on this was has now been provided to that site we all love to check, HaveIBeenPwned [haveibeenpwned.com]