Home-improvement startup Houzz said it suffered a major data breach in December 2018, Digital Trends reports. The company has not provided any further details, but is encouraging users to change their passwords as a precautionary measure and to prevent accounts from being compromised.

According to the company, a file containing user data was obtained by an "unauthorized third party." Houzz did not go into detail as to how the company was breached. It said that it is currently investigating the situation, with its internal team and a "leading forensics firm" looking into the specifics.

The company also failed to lay out what user information has been compromised. Instead, it details what data "could have been" impacted by the incident. Potentially exposed information includes publicly visible information on Houzz user profiles including names, locations, and personal descriptions; internal identifiers that Houzz uses to clarify its users; and encrypted passwords, IP addresses, and ZIP codes. Houzz did emphasize that information including Social Security numbers and payment information was not compromised.

Houzz said it first learned of the breach in late December 2018. While the company said it “immediately engaged with a leading forensics firm” to look into the incident, it didn’t inform users until Thursday. Not all users were affected and Houzz specifically contacted those it believes were impacted.

Read More