Slash Boxes

SoylentNews is people

Submission Preview

Link to Story data exposed 49 million users in 2018

Accepted submission by RandomFactor at 2019-03-12 22:22:34 from the talk about unwanted houzz guests dept.

The housing design site [] suffered a breach in 2018 [] that exposed, for 49 million users:

Certain publicly visible information from a user’s Houzz profile only if the user made this information publicly available (e.g., first name, last name, city, state, country, profile description)
Certain internal identifiers and fields that have no discernible meaning to anyone outside of Houzz (e.g. country of site used, whether a user has a profile image)
Certain internal account information (e.g., email address, user ID, prior Houzz usernames, one-way encrypted passwords salted uniquely per user, IP address, and city and ZIP code inferred from IP address) and certain publicly available account information (e.g., current Houzz username and, if a user logs into Houzz through Facebook, the user’s public Facebook ID)

The company learned of the breach in December and notified users in February.

User passwords were reset at that time and the company published an FAQ [] on their website.

Data on this was has now been provided to that site we all love to check, HaveIBeenPwned []

As of this submission - The breach is listed on HaveiBeenPwned's RSS feed here [] but the breaches page of pwned websites [] does not yet list it.

Original Submission