LivingSocial is the second biggest online daily deals website after Groupon in the US. LivingSocial is owned in part by Amazon has announced that it has been hacked. The attackers got away with data which includes names, email addresses, and encrypted passwords of 50 million customers.
That’s a huge amount of data which is now in the hands of cyber crooks. The email addresses alone is a gold mine for spammers, shady marketers, and anyone in between. At least, LivingSocial kept its password database salted and hashed, which reduces the threat a lot. LivingSocial says that the database that stores customer credit card information was not affected or accessed in the attack.
Here’s the official security notice issued by LivingSocial to its users:
LivingSocial recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue.
The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords — technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.
The database that stores customer credit card information was not affected or accessed.
Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one.
We also encourage you, for your own personal data security, to consider changing password(s) on any other sites on which you use the same or similar password(s).
The security of your information is our priority. We always strive to ensure the security of our customer information, and we are redoubling efforts to prevent any issues in the future.
Please note that LivingSocial will never ask you directly for personal or account information in an email. We will always direct you to the LivingSocial website – and require you to login – before making any changes to your account. Please disregard any emails claiming to be from LivingSocial that request such information or direct you to a different website that asks for such information.
We are sorry this incident occurred, and we look forward to continuing to introduce you to new and exciting things to do in your community.
The company is also notifying affected users via email, but will be suspending phone support during this time. Needless to say, if you have a LivingSocial account, you should be changing your password as soon as possible.
As noted from the official security notice, the company has already expired old passwords of affected users. Users are now required to create a new password the next time they want to log in.
The company has also encouraged affected users to change their passwords on other sites where they may have reused them.
If you are affected, you will find our article about password security strengthening and how to protect yourself when a website gets hacked.