What happened
According to public breach records, the Houzz data breach on May 23, 2018 is reported to have exposed the personal information of 48,881,308 accounts.
In mid-2018, the housing design website Houzz suffered a data breach. The company learned of the incident later that year then disclosed it to impacted members in February 2019. Almost 49 million unique email addresses were in the breach alongside names, IP addresses, geographic locations and either salted hashes of passwords or links to social media profiles used to authenticate to the service. The data was provided to HIBP by dehashed.com.
Houzz disclosed in early 2019 that a file of user data was taken by an unauthorized third party. It learned of the incident in late December 2018, with the exposure dating to mid-2018, and around 49 million accounts were affected. The data included names, usernames, emails, IP addresses, IP-derived city and ZIP locations, social-media login links, and salted one-way hashed passwords, but no Social Security numbers or payment or financial data, and Houzz asked affected users to reset passwords.
What data was exposed
The following types of personal data were compromised:
- Email addresses
- Geographic locations
- IP addresses
- Names
- Passwords
- Social media profiles
- Usernames
Breach details
| Detail | Value |
|---|---|
| Breach name | Houzz |
| Date | May 23, 2018 |
| Accounts affected | 48,881,308 |
| Domain | houzz.com |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by Houzz; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Change your Houzz password and any place you reused it, because the hash algorithm was never disclosed so treat it as crackable. Enable two-factor authentication and use a password manager to stop reuse. Review any Facebook or social logins linked to Houzz, since those profile links were exposed. Watch for phishing emails that use your leaked name and location.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- TechCrunch Houzz resets user passwords after data breach
- WeLiveSecurity Houzz discloses data breach
- Have I Been Pwned Houzz
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →