Hackers target LivingSocial, stealing the personal data of more than 50 million people in an enormous security breach.
Daily deals Web site LivingSocial is the latest database target for hackers, who have compromised the personal information of more than 50 million people.
In internal LivingSocial e-mails obtained by AllThingsD, the unknown culprits appear to have made off with the names, e-mails, birthdates, and encrypted passwords of what appears to be the vast majority of Living Social customers.
The Washington, D.C.-based site, owned in part by Amazon, claims around 70 million customers worldwide. The company’s divisions in the Philippines, South Korea, Indonesia, and Thailand remain unaffected because they are hosted on different servers.
To put this breach in perspective, said Robert Hansen, director of Product Management & Technical Evangelist at WhiteHat Security, it’s important to consider its scale. “If there are approximately a billion people on the Internet, this hack single-handedly represents about half a percent of all Internet users. This could be catastrophic, not for the accounts and credit cards that are stolen directly, but also because of password reuse of all of those millions of users. They should be changing their passwords immediately,” he said.
- E-mails,” LivingSocial CEO Tim”
Subject: An important update on your LivingSocial.com account
LivingSocial recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue.The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords — technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.The database that stores customer credit card information was not affected or accessed.Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one.For your security, please create a new password for your <<email_address>> account by following the instructions below.
Visit LivingSocial.com Click on the “Create a New Password” button (top right corner of the homepage) Follow the steps to finish
We also encourage you, for your own personal data security, to consider changing passwords on any other sites on which you use the same or similar password(s).The security of your information is our priority. We always strive to ensure the security of our customer information, and we are redoubling efforts to prevent any issues in the future.Please note that LivingSocial will never ask you directly for personal or account information in an email. We will always direct you to the LivingSocial website – and require you to login – before making any changes to your account. Please disregard any emails claiming to be from LivingSocial that request such information or direct you to a different website that asks for such information.If you have additional questions about this process, the “Create a New Password” button on LivingSocial.com will direct you to a page that has instructions on creating a new password and answers to frequently asked questions.We are sorry this incident occurred, and we look forward to continuing to introduce you to new and exciting things to do in your community.