Augmented reality company Houzz has disclosed a data breach, stating that certain information pertaining to select users may have been exposed. According to the company, an “unauthorized third party” was able to obtain some user data, including certain internal account data, some internal identifiers, and select publicly visible user profile information.
Houzz is a home improvement platform that offers an augmented reality app enabling users to view virtual items inside of their home. According to a post on the company’s help website, Houzz recently discovered that a file said to contain some user data was accessed by the hacker — the company hasn’t provided the third-party’s identity.
Houzz says it is working with a “leading forensics firm” on investigating the matter, which has been reported to law enforcement. The company has moved to safeguard user data; impacted customers are receiving alerts about their potential involvement in the breach.
Fortunately, the breach doesn’t involve sensitive personal data, such as banking info or Social Security numbers. Houzz says that it is “unlikely” that a user’s identity would be uncovered based on the acquired data. Impacted users are being advised to change their account passwords.
It’s unclear at this time how the intruder managed to obtain the file. According to Houzz, the vulnerability potentially exposed some internal identifiers that won’t be useful for the hacker, such as whether a user had a profile picture on their account, as well as some of their public profile info — the profile description, perhaps — and select account data, including IP addresses, one-way encrypted passwords, and usernames.