BreachExchange mailing list archives
Cyberattackers hack into LivingSocial, 50 million customers impacted
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Fri, 26 Apr 2013 18:29:44 -0400
http://www.usatoday.com/story/news/nation/2013/04/26/liviing-social-hacked-passwords-amazon/2116485/ LivingSocial, the daily deals site owned in part by Amazon, has suffered a massive cyberattack on its computer systems, according to officials at the company. The breach has impacted 50 million customers of the Washington, D.C.-based company, who will now be required to reset their passwords. All of LivingSocial's countries across the world appear to have been affected, except in Thailand, Korea, Indonesia and the Philippines. The firm began sending emails to customers Friday afternoon telling them they would have to change their site passwords. "We recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue," LivingSocial CEO Tim O'Shaughnessy said in an email. The memo said that customer credit card information was not stolen — it was stored in a separate database. And while the hacker stole customer passwords, they were encrypted and "salted," or scrambled. "Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one," O'Shaughnessy said. The company advised consumers who used their LivingSocial password at other sites to change their password at those sits, also. The firm expects its customer service phone lines to be deluged, so O'Shaughnessy warned that he may decide to temporarily suspend telephone customer service relations. "Because we anticipate a high call volume and may not be able to answer or return all calls in a responsible fashion, we are likely to temporarily suspend consumer phone-based servicing. We will be devoting all available resources to our Web-based servicing," he said. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges.
Current thread:
- Cyberattackers hack into LivingSocial, 50 million customers impacted Erica Absetz (Apr 26)