back to article Bringing the Houzz down: Home design website tells users to reset passwords after copping to breach

Home improvement website Houzz has urged users to reset their passwords after an "unauthorised third party" made off with a file containing customer data. The Californian biz, founded in 2009 and valued at almost $4bn in 2017, is a bartering marketplace and, er, ideas platform for interior designers, architects, traders and …

  1. Will Godfrey Silver badge
    Unhappy

    2019 v 2018

    At this rate we're well on the way to exceeding last year's data leaks.

    Edit: Well, reported ones!

    1. JetSetJim Silver badge

      Re: 2019 v 2018

      I got the email today, fortunately no personal info in the account, and I registered it with "hows@mydomain.com" as the email (rather oddly, it wouldn't let you use "houzz" in the email), so it shouldn't be of any use to anyone (not even entirely sure why I registered it!)

  2. Version 1.0 Silver badge

    You learn a lot about security when you get hacked - it's a good education. On the other hand, getting hacked is so common these days that stories like this are a lot less interesting than reading today's weather forecast.

    ...They'll be coming back again, those nasty grumbly grimblies, and they're climbing down your chimney, yes they're trying to get in. Come to take your money – isn't it a sin, they're so thin ...

  3. JeffyPoooh Silver badge
    Pint

    "...urged..."

    "...urged users to reset their passwords..."

    'Next time you visit our website, please reset your password.'

    ...vs...

    'Next time you visit our website, YOU WILL BE DIRECTED TO reset your password.'

    It's trivially simple to avoid "urged".

    For consideration.

    P.S. Yes, they could allow a certain number (or period) of 'Not Now' escapes, to overcome the obvious objection.

  4. adam payne Silver badge

    It said not all had been exposed, but "out of an abundance of caution" it had notified all those who might have been.

    Issue discovered late December but only notifying people now, that's not what I would call an abundance of caution.

    1. John Brown (no body) Silver badge

      Yep, instant GDPR violation if applicable.

  5. Ken Moorhouse Silver badge

    Do they have FAQ's on their site...

    On how to secure back doors, fix windows, and how to use putty?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019