Houzz Data Breach
Houzz Home Design & Renovation Platform Breach (2018): 51 Million User Accounts Including Passwords & Social Media Profiles Exposed
Home design and renovation platform.
Risk Interpretation
High risk of phishing, contractor impersonation, wire fraud, and household targeting. Home-renovation context can also reveal residence value, planned work, and spending intent.
Impact & Downstream Threats
In mid-2018 Houzz suffered a breach that was not discovered by the company until later that year and disclosed to users in February 2019. The exposed data for approximately 48 million users included email addresses, usernames, IP addresses, geographic locations, passwords stored as salted bcrypt hashes, and linked social media profile information. Houzz notified affected users by email and required password resets for impacted accounts. No class-action settlement or significant regulatory action
- Credential stuffing against reused passwords across other platforms
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
- Social media account targeting and impersonation
Threat Vectors
Breach Intelligence
Executive Summary
Houzz, the home design and renovation platform, suffered a data breach in mid-2018 that exposed the personal information of approximately 48 to 51.7 million users. The company discovered the breach later that year but did not notify affected members until February 2019. The attack vector remains unknown, and no specific threat actor has been publicly identified. The exposed data included names, email addresses, usernames, IP addresses, geographic locations, and passwords stored as salted bcrypt hashes. Some users had linked social media profiles exposed in place of passwords, depending on how they authenticated to the service. This combination of data is particularly sensitive in the home renovation context: geographic and profile information can reveal where someone lives, the value of their home, and their planned spending on renovation work, creating openings for phishing, contractor impersonation, and targeted fraud. Houzz notified affected users by email and required password resets for impacted accounts. No class-action settlement or significant regulatory action specific to this breach has been publicly documented. Affected individuals remain at elevated risk of credential-stuffing attacks if they reused their Houzz password on other services, as well as targeted scams that exploit their home improvement activity.
About Houzz
Houzz is an online platform for home design, renovation, and professional services, connecting homeowners with interior designers, architects, and contractors while hosting an extensive catalog of home design inspiration content. The company is headquartered in Palo Alto and operates as a private company. It generates revenue through professional subscription services and advertising aimed at home improvement trade professionals.
Why They Hold Your Data
Home-design marketplaces collect customer identity, addresses, project inquiries, payment-adjacent records, and contractor or vendor interactions tied to renovation and interior-design workflows.
Recent Developments
Houzz has continued to operate as a private company focused on its professional marketplace and home design content platform. The company underwent significant workforce reductions in 2023 as part of a cost reduction effort. No major ownership or structural changes have been reported in the most recent period.
Data Points Exposed
Exposure Categories
Canonical Fields
email_address, full_name, geographic_locations, ip_address, password, social_media_profile, username
Dark Web Verification
- Dataset containing ~51.7M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: houzz.com-2018;Houzz Data Breach
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Houzz
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam