Info of 50M LivingSocial customers compromised following breach
Posted on 29 April 2013.
LivingSocial, the company behind the eponymous deal-of-the-day website, has confirmed that its computer systems have been breached by attackers and that user information such as names, email addresses, date of birth, and encrypted passwords have been compromised.


LivingSocial is estimated to have more than 70 million registered users and some 50 million of them were likely affected by the breach.

According to The Age and the company spokesman customers from the U.S., Canada, the U.K., Ireland, Australia, New Zealand, Malaysia, Southern Europe and Latin America have had their information compromised, while those from South Korea, Indonesia, Philippines and Thailand are safe.

Read more: http://www.theage.com.au/digital-life/consumer-security/livingsocial-hacked-50m-accounts-exposed-20130429-2ind4.html#ixzz2RqB4Ca19

In an email sent to all registered customers LivingSocial CEO Tim O'Shaughnessy confirmed the breach, but made sure to note that the database that stores customer credit card information was not affected or accessed.

Despite the compromised passwords being both salted and hashed, the company has forced a password reseat on all users.

"We also encourage you, for your own personal data security, to consider changing password(s) on any other sites on which you use the same or similar password(s)," he wrote, adding that they should be wary of emails claiming to be from LivingSocial that request the users to share personal or account information in an email.

O'Shaughnessy also sent out an email to LivingSocial employees, pointing out which information was accessed and which was not (customer credit card information, merchants’ financial and banking information), and adding that they will probably temporarily suspend consumer phone-based servicing because they anticipate a high call volume and "may not be able to answer or return all calls in a responsible fashion."

The FAQ about the breach revealed that LivingSocial passwords were hashed with SHA1 using a random 40 byte salt, but that they have now switched their hashing algorithm to bcrypt.









Spotlight

European Central Bank blackmailed in wake of data breach

Posted on 24 July 2014.  |  The European Central Bank - the central bank for the euro - has suffered a data breach, and has only discovered it after receiving a blackmail letter from the attacker.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Jul 25th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //