This article was published on April 26, 2013

LivingSocial hack affecting some 50M accounts reported, passwords reset but no credit card info breached


LivingSocial hack affecting some 50M accounts reported, passwords reset but no credit card info breached

Daily deal service LivingSocial announced on Friday that it was the victim of a cyber attack that compromised its computer systems. AllThingsD reports that 50 million accounts have been affected and the company says that while names, email addresses, birthdays, and encrypted passwords may have been accessed, credit card and merchant financial information were not.

To help shore up its security, LivingSocial said in an email to its customers that all current passwords have been reset. To access your account, new ones need to be created.

According to reports, all of the company’s customers have been affected, with the exception of those living in Thailand, Malaysia, Indonesia, and the Philippines. ATD states that those business units were on different systems.

Today’s news definitely does not bode well for the Amazon-owned company. After all, millions use the service daily to find the best deals in their neighborhood, similar to Groupon. And like Groupon, LivingSocial just hasn’t been doing all that well. It’s performance was not mentioned during Amazon’s Q1 2013 financial earnings call this week, but in October, the service wound up with a $169 million loss in Q3 2012.

The <3 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

LivingSocial’s CEO Tim O’Shaughnessy told employees of the cyberattack in an email and said its databases housing credit cards for customers as affected. Merchant financials and information also were immune to the attack. However, because of the serious nature of the breach and also the scale, the company is temporarily suspending consumer phone-based servicing. Anyone with questions or concerns will unfortunately have to go through the company’s Web interface for now.

The person or group responsible has not yet claimed responsibliity and while O’Shaughnessy says the attack happened “recently”, it wasn’t specific as to how long ago it happened before customers were notified.

Here’s the email that the company sent to customers today:

Subject: An important update on your LivingSocial.com account

LivingSocial recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue.

The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords — technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.

The database that stores customer credit card information was not affected or accessed.

Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one.

For your security, please create a new password for your < <email_address>> account by following the instructions below.

1. Visit LivingSocial.com

2. Click on the “Create a New Password” button (top right corner of the homepage)

3. Follow the steps to finish

We also encourage you, for your own personal data security, to consider changing password(s) on any other sites on which you use the same or similar password(s).

The security of your information is our priority. We always strive to ensure the security of our customer information, and we are redoubling efforts to prevent any issues in the future.

Please note that LivingSocial will never ask you directly for personal or account information in an email. We will always direct you to the LivingSocial website — and require you to login — before making any changes to your account. Please disregard any emails claiming to be from LivingSocial that request such information or direct you to a different website that asks for such information.

If you have additional questions about this process, the “Create a New Password” button on LivingSocial.com will direct you to a page that has instructions on creating a new password and answers to frequently asked questions.

We are sorry this incident occurred, and we look forward to continuing to introduce you to new and exciting things to do in your community.

Tim O’Shaughnessy

CEO, LivingSocial

Photo credit: Patrick Lux/Getty Images

Get the TNW newsletter

Get the most important tech news in your inbox each week.