LivingSocial gets hacked, 50 million users told to reset passwords

Users' names, email addresses and passwords may have been accessed, CEO Tim O'Shaughnessy said
  • Zach Miners (IDG News Service)
  • 26 April, 2013 22:47

More than 50 million users of the daily deals site LivingSocial are being asked to reset their passwords after hackers attacked the company's servers and potentially made off with personal data.

The cyberattack "resulted in authorized access to some customer data on our servers," including names, email addresses, dates of birth and encrypted passwords, LivingSocial CEO Tim O'Shaughnessy said in an email to employees and in a separate email being sent to customers.

The database that stores customer credit card information was not affected, nor was the database that stores merchants' financial and banking information, the Washington, D.C.-based company said.

Although decoding users' passwords "would be difficult," the site says it is taking "every precaution" by expiring its users' passwords and asking them to create new ones. Emails are being sent this afternoon to the more than 50 million users whose data may have been compromised, a LivingSocial spokesman said.

LivingSocial says it has 70 million members worldwide. Customers in Korea, Thailand, Indonesia and the Philippines aren't being contacted because the company uses different computer systems in those countries, it said.

The group behind the attack has not been identified. "We are actively working with law enforcement to investigate this issue," LivingSocial said on its website.

The hack may have resulted in users' accounts on other sites being compromised. "We also encourage you, for your own personal data security, to consider changing password(s) on any other sites on which you use the same or similar password(s)," O'Shaughnessy said.

"We need to do the right thing for our customers who place their trust in us," O'Shaughnessy said in the employee email, adding, "We'll all need to work incredibly hard over the coming days and weeks to validate that faith and trust."

The hack follows a slew of attacks on Twitter, Facebook, Microsoft and other companies. LivingSocial said it is "redoubling" its efforts to prevent future breaches.

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach's e-mail address is zach_miners@idg.com

Tags: Internet-based applications and services, e-commerce, security, data breach, twitter, internet, Identity fraud / theft, LivingSocial
