Houzz discloses data breach to affected users

Photo (c) higyou - Getty Images

The home improvement startup is urging users to change their password as a precaution

Home design website Houzz experienced a data breach last month and is now urging users to reset their passwords as a precaution.

In an email to customers sent on Thursday, Houzz said that an "unauthorized third party" gained access to a file containing some customer data. The firm said it discovered the incident in late December and immediately began working with "a leading forensics firm” to investigate the issue.

“Out of an abundance of caution, we have notified all Houzz users who may have been affected,” Houzz said in a security update on its website.

Information possibly obtained

Houzz, which claims to have "40 million homeowners, home design enthusiasts and home improvement professionals" signed up, didn’t provide an estimate of how many users might have been impacted by the breach.

The home improvement startup said Social Security numbers and other financial information weren’t involved in the incident. However, user ID, one-way encrypted passwords, previous Houzz usernames, IP addresses, and city and postcodes inferred from IP addresses could have been leaked.

“We do not believe that any passwords were compromised because we do not actually store passwords, except in a one-way encrypted form that is salted uniquely per user,” the company wrote.

Houzz recommended that users reset their passwords as a precaution.

“We recommend changing your password on any other sites or accounts where you used the same login information that you used for Houzz. It is generally best practice to use a unique password for each service.”

The company said that its investigation into the matter is ongoing and that it has taken steps to safeguard user data.

Take an Identity Theft Quiz. Get matched with an Authorized Partner.