Info of 50M LivingSocial customers compromised following breach
Posted on 29 April 2013.
LivingSocial, the company behind the eponymous deal-of-the-day website, has confirmed that its computer systems have been breached by attackers and that user information such as names, email addresses, date of birth, and encrypted passwords have been compromised.

LivingSocial is estimated to have more than 70 million registered users and some 50 million of them were likely affected by the breach.

According to The Age and the company spokesman customers from the U.S., Canada, the U.K., Ireland, Australia, New Zealand, Malaysia, Southern Europe and Latin America have had their information compromised, while those from South Korea, Indonesia, Philippines and Thailand are safe.

Read more:

In an email sent to all registered customers LivingSocial CEO Tim O'Shaughnessy confirmed the breach, but made sure to note that the database that stores customer credit card information was not affected or accessed.

Despite the compromised passwords being both salted and hashed, the company has forced a password reseat on all users.

"We also encourage you, for your own personal data security, to consider changing password(s) on any other sites on which you use the same or similar password(s)," he wrote, adding that they should be wary of emails claiming to be from LivingSocial that request the users to share personal or account information in an email.

O'Shaughnessy also sent out an email to LivingSocial employees, pointing out which information was accessed and which was not (customer credit card information, merchantsí financial and banking information), and adding that they will probably temporarily suspend consumer phone-based servicing because they anticipate a high call volume and "may not be able to answer or return all calls in a responsible fashion."

The FAQ about the breach revealed that LivingSocial passwords were hashed with SHA1 using a random 40 byte salt, but that they have now switched their hashing algorithm to bcrypt.


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 11th