LivingSocial hacked, 50 million accounts compromised

By Darshik Jariwala - April, 27th 2013

LivingSocial, a daily deals website is yet another company to have been attacked by hackers. The company has sent emails to its 50 million users informing about the same and reassuring that none of their data has been compromised.

Users in Thailand, Korea, Indonesia and the Philippines remain unaffected. The hackers have managed to get the information such as names, birthdays, e-mail addresses and encrypted passwords too. LivingSocial has informed The Verge that information of users in Malaysia was in fact accessed but South Korea hasn’t been affected.

The case appear’s to be similar to Evernote’s security breach few months ago where users information was compromised but the company promised that no Credit Cards or such crucial information was stolen. With LivingSocial too, CEO Tim O’Shaughnessy has assured its users in the e-mail that the breach has not affected any of their personal data or credit card information, and neither has the merchant financial or banking information compromised, as the servers that store these information and details has not been hacked into.

Well aware that the news will obviously create a panic among users, LivingSocial will not be answering to or returning any calls, the service has been suspended as of now so they are able to concentrate on task at hand.

In the past year and a half, we have seen major companies such as LinkedIn, Evernote, Twitter who were fallen victim to the hackers. Amazon currently owns 29 percent of LivingSocial.

Please make sure you update your password regularly and keep it unique for all your email, social or e-commerce online accounts.

Here is an email that LivingSocial supplied to AllThingsD, which they have sent it to their employees:

Re: Security Incident

LivingSocialites –

This e-mail is important, so please read it to the end.

We recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue.

The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords — technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.

Two things you should know:

1. * The database that stores customer credit card information was not affected or accessed.

2. * The database that stores merchants’ financial and banking information was not affected or accessed.

The security of our customer and merchant information is our priority. We always strive to ensure the security of our customer information, and we are redoubling efforts to prevent any issues in the future.

To ensure our customers and merchants are fully informed and protected, we are notifying those who may have been impacted via email explaining what happened, expiring their passwords, and requesting that they create new passwords. A copy of the note is included below this email.

If you have any questions or concerns, please visit Pulse –https://pulse.livingsocial.com/intranet/Home/more_updates.html — for a list of frequently asked questions. If you have additional questions that aren’t answered in the FAQs, please submit them via email to XXX@livingsocial.com.

Because we anticipate a high call volume and may not be able to answer or return all calls in a responsible fashion, we are likely to temporarily suspend consumer phone-based servicing. We will be devoting all available resources to our web-based servicing.

I apologize for the formality of this note, which the circumstances demand. We need to do the right thing for our customers who place their trust in us, and that is why we’re taking the steps described and going above and beyond what’s required. We’ll all need to work incredibly hard over the coming days and weeks to validate that faith and trust.

– Tim

Source: The Verge

Photo Credit – Elvert Barnes/Flickr