Skip to main content

Houzz resets user passwords after data breach

Houzz, a $4 billion-valued home improvement startup that recently laid off 10 percent of its staff, has admitted a data breach.

A reader contacted TechCrunch on Thursday with a copy of an email sent by the company. It doesn’t say much — such as when the breach happened, what was stolen, or if a hacker to blame or if it was a data exposure that the company could’ve prevented.

Houzz spokesperson Gabriela Hebert would not comment beyond an FAQ posted on the company’s website, citing an ongoing investigation.

In that FAQ, the company said it “recently learned that a file containing some of our user data was obtained by an unauthorized third party.” It added: “We immediately launched an investigation and engaged with a leading forensics firm to assist in our investigation, containment, and remediation efforts.”

The company said it was notifiying all of its users who may have been affected.

An email from a Houzz user. (Image: supplied)

Houzz said some publicly visible information from a user’s Houzz profile, such as name, citiy, state, country and profile description, along with internal identifiers and fields “that have no discernible meaning to anyone outside of Houzz,” such as the region and location of the user and if they have a profile image, for example, the company said.

The company also said that usernames and scrambled passwords were also taken.

Houzz said that the passwords were scrambled and salted using a one-way hashing algorithm, but did not provide specifics on what kind of hashing algorithm was used. Some algorithms, like MD5, are old and outdated but still in use, while newer hashing algorithms — like bcrypt — are stronger and can be more difficult to crack, depending on the number of rounds the passwords go through.

Regardless, the company recommended users change their passwords.

No financial information was taken, according to the FAQ.

The company was last year among many mocked for sending out emails to users alerting them of mandatory changes to their privacy policies ahead of the 2018-introduced EU General Data Protection Regulation (GDPR) law, saying it “value[s]” its customers privacy. “Their opening lines offer a glimpse of the way legal policy and user experience are colliding under the new regulations,” said Fast Company.

But it’s not clear if the company will face penalties — up to four percent of its global revenue — as a result of the regulation, only that the company “notified EU authorities within the statutory period,” said the spokesperson.

Another day, another breach.

Here’s what to expect in cybersecurity in 2019



from Startups – TechCrunch https://tcrn.ch/2BfChFo
Labels:

Comments

Post a Comment

Popular posts from this blog

Axeleo Capital raises $51 million fund

Axeleo Capital has raised a $51 million fund (€45 million). Axeleo first started with an accelerator focused on enterprise startups. The firm is now all grown up with an acceleration program and a full-fledged VC fund. The accelerator is now called Axeleo Scale , while the fund is called Axeleo Capital . And it’s important to mention both parts of the business as they work hand in hand. Axeleo picks up around 10 startups per year and help them reach the Series A stage. If they’re doing well over the 12 to 18 months of the program, Axeleo funds those startups using its VC fund. Limited partners behind the company’s first fund include Bpifrance through the French Tech Accélération program, the Auvergne-Rhône-Alpes region, Vinci Energies, Crédit Agricole, BNP Paribas, Caisse d’Épargne Rhône-Alpes as well as various business angels and family offices. The firm is also partnering with Hi Inov, the holding company of the Dentressangle family. Axeleo will take care of the early stage in...
Post a Comment
Read more

TikTok’s rivals in India struggle to cash in on its ban

For years, India has served as the largest open battleground for Silicon Valley and Chinese firms searching for their next billion users. With more than 400 million WhatsApp users , India is already the largest market for the Facebook-owned service. The social juggernaut’s big blue app also reaches more than 300 million users in the country. Google is estimated to reach just as many users in India, with YouTube closely rivaling WhatsApp for the most popular smartphone app in the country. Several major giants from China, like Alibaba and Tencent (which a decade ago shut doors for most foreign firms), also count India as their largest overseas market. At its peak, Alibaba’s UC Web gave Google’s Chrome a run for its money. And then there is TikTok, which also identified India as its biggest market outside of China . Though the aggressive arrival of foreign firms in India helped accelerate the growth of the local ecosystem, their capital and expertise also created a level of competit...
Post a Comment
Read more