Who: Houzz

# of Records: Extent Unknown

Date: 1 Feb 2019

What Happened: Third Parties gained access to a file

How Did it Happen: Third parties gained access to a file that contained publicly visible user data in addition to private account information, including user IDs, email addresses, encrypted passwords, IP addresses, and Facebook information. It appears that Houzz’s data was stolen at some point, but it is not known if it was stolen​ through a hacked system, unsecured database or files, or by an employee.

Outcome: Houzz was told that a file containing their data was in the hands of third-parties and that they hired a forensics firm to determine how the data was stolen. While payment information was not disclosed, email address and encrypted passwords were. Depending on the type of encryption used to encrypt the passwords, it is possible for attackers to decrypt them so that they can be used in other attacks.