BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Cyberattackers hack into LivingSocial, 50 million customers impacted

From: Erica Absetz <erica () riskbasedsecurity com>
Date: Fri, 26 Apr 2013 18:29:44 -0400
http://www.usatoday.com/story/news/nation/2013/04/26/liviing-social-hacked-passwords-amazon/2116485/

LivingSocial, the daily deals site owned in part by Amazon, has
suffered a massive cyberattack on its computer systems, according to
officials at the company.

The breach has impacted 50 million customers of the Washington,
D.C.-based company, who will now be required to reset their passwords.
All of LivingSocial's countries across the world appear to have been
affected, except in Thailand, Korea, Indonesia and the Philippines.

The firm began sending emails to customers Friday afternoon telling
them they would have to change their site passwords.

"We recently experienced a cyber-attack on our computer systems that
resulted in unauthorized access to some customer data from our
servers. We are actively working with law enforcement to investigate
this issue," LivingSocial CEO Tim O'Shaughnessy said in an email.

The memo said that customer credit card information was not stolen —
it was stored in a separate database. And while the hacker stole
customer passwords, they were encrypted and "salted," or scrambled.

"Although your LivingSocial password would be difficult to decode, we
want to take every precaution to ensure that your account is secure,
so we are expiring your old password and requesting that you create a
new one," O'Shaughnessy said.

The company advised consumers who used their LivingSocial password at
other sites to change their password at those sits, also.

The firm expects its customer service phone lines to be deluged, so
O'Shaughnessy warned that he may decide to temporarily suspend
telephone customer service relations.

"Because we anticipate a high call volume and may not be able to
answer or return all calls in a responsible fashion, we are likely to
temporarily suspend consumer phone-based servicing. We will be
devoting all available resources to our Web-based servicing," he said.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.
Previous By Date Next
Previous By Thread Next

Current thread: