houzz Cybersecurity security awareness training phish learn improve property home house beautiful data breach credential stuffing check bank statements

Houzz Improvers! Change Your Password

40 million Houzz users are urged to change their password on this popular home improvement site due to the latest data breach.

houzz Cybersecurity security awareness training phish learn improve property home house beautiful

Houzz Break-In

A California home improvement website, Houzz, was founded in 2009 and valued at about $4 billion in 2017. This site is a bartering marketplace as well as an idea platform for interior designers, architects, traders, and homeowners.

houzz Cybersecurity security awareness training phish learn improve property home house beautiful

In late December 2018, Houzz has been working with a forensics firm after they discovered an unauthorized third party had compromised a file containing customer data. An email to customers disclosing their data breach stated:

“Houzz recently learned that a file containing some of our user data was obtained by an unauthorized third party.”

Houzz data breach email screenshot

houzz Cybersecurity security awareness training phish learn improve property home house beautiful

Compromised Data

houzz Cybersecurity security awareness training phish learn improve property home house beautiful

Impacted information contained within those stolen files were one-way encrypted passwords, user ID, Houzz usernames, Facebook ID, IP address, as well as city and postcodes inferred from IP addresses. Information a person made public on the Houzz site, such as their name and city or state location, is also listed as at risk.

houzz Cybersecurity security awareness training phish learn improve property home house beautiful data breach

It is recommended to keep your personal information private on online accounts. Houzz emphasized that social security numbers, payment cards, bank account, and other financial details were not affected. Houzz is working with leading security fornsics company to further investigate and improve their security.

Credential Stuffing, Phish Bait, & Security Software

After a data breach, here are a few key tips to keep in mind.

Credential Stuffing – Although financial information may not be involved in this data breach, it doesn’t mean your accounts are safe. Email addresses, usernames, and old passwords can be effective for a technique referred to as credential stuffing. Combined with other stolen information, someone can then feed these credentials to an automated program that will try them all out on various websites, hoping that people have reused their passwords on multiple services.

houzz Cybersecurity security awareness training phish learn improve property home house beautiful data breach credential stuffing

Even if you’ve reset your Houzz password, if you reused the same email and password combination on another service, it can also be compromised. Aside from that, IP addresses and ZIP codes can be combined with other sensitive information from other data breaches (Social Security numbers from the Equifax breach, for example). With this data, cybercriminals can round off complete individual profiles that can be then used for identity theft.

houzz Cybersecurity security awareness training phish learn improve property home house beautiful data breach credential stuffing

Beware of Phishing Scams – Cybercriminals look at these data breaches as a new opportunity to hustle new victims. They will create phishing emails, pretending to be the affected company, hoping to get victims to click on malicious links that could lead to more problems. 

houzz Cybersecurity security awareness training phish learn improve property home house beautiful data breach credential stuffing

Check Your Other Online Accounts – If you used your Houzz password on other sites, it’s time to change them to unique strong passwords using the first letter and symbols of a phrase you won’t forget. For future reference, never use the same password for multiple accounts. Organize your unique password by using a Password Manager.

Enable Two-Factor Authentication (2FA) – Most accounts these days have an extra layer of security so you can protect your account better. All you have to do is enable this feature in your settings.

houzz Cybersecurity security awareness training phish learn improve property home house beautiful data breach credential stuffing check bank statements regularly

Keep An Eye On Your Bank Accounts – Get in a good habit of checking your bank accounts and ensuring all transactions listed are completed by you. If you see anything suspicious, report it immediately.

Source: The Register

2Shares