Report: LivingSocial Hacked

AllThingsD's Kara Swisher is reporting that popular daily deals site LivingSocial "has suffered a massive cyber-attack on its computer systems."

  • Share
  • Read Later

AllThingsD’s Kara Swisher is reporting that popular daily deals site LivingSocial “has suffered a massive cyber-attack on its computer systems.” Swisher continues to say that 50 million customers have been affected and will need to reset their passwords.

Here’s a snippet from an internal e-mail sent to LivingSocial employees and apparently obtained by AllThingsD:

The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords — technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.

Two things you should know:

1. * The database that stores customer credit card information was not affected or accessed.

2. * The database that stores merchants’ financial and banking information was not affected or accessed.

So it looks like some personal info may have fallen into the wrong hands, but credit card and other financial details should be safe. If you have a strong enough password, it’ll hopefully be difficult enough to decrypt to avoid any misuse. (Here’s a refresher about how to create strong online passwords.) At any rate, you’ll want to change your current LivingSocial password to something new just in case.

LivingSocial Hacked — More Than 50 Million Customers Impacted [AllThingsD.com]

1 comments
ulftmattsson
ulftmattsson

I think that it is severe that "personal info may have fallen into the wrong hands". I think that "customer data including names, email addresses and dates of birth" should be protected from hackers.

The good news is that some organizations are starting to add a more effective attack prevention based on a granular protection at the data field level is needed. When combining this with a Data Usage Control function that is monitoring access to sensitive data fields, can be very effective in blocking abnormal attempts to access data, both from external and internal threats.

I recently read an interesting study from Aberdeen Group about security-related incidents. The study revealed that “Over the last 12 months, tokenization users had 50% fewer security-related incidents(e.g., unauthorized access, data loss or data exposure than tokenization non-users”.

The name of the study, released a few months ago, is “Tokenization Gets Traction”. Aberdeen has also seen “a steady increase in enterprise use of tokenization as an alternative to encryption for protecting sensitive data”. 

Ulf Mattsson, CTO Protegrity