LivingSocial Hacked, 50 Million Users Compromised

LivingSocial’s revenue struggles aren’t its only headache today. The daily deals site has been hacked. The Washington, D.C.-based company, which relies heavily on investment from Amazon, has over 70 million members; the accounts of over 70 percent of them — 50 million members — were compromised by a recent cyber attack.

The hackers did not get financial or credit card details, but did get access to “names, email addresses, date of birth for some users, and encrypted passwords — technically “hashed” and “salted” passwords,” according to an internal memo circulated to employees that was obtained by AllThingsD. “We never store passwords in plain text,” notes CEO Tim O’Shaughnessy in the memo.

So if you’re among the affected users, the hackers have just the right amount of information to phish you. The site is sending out emails to customers advising them to change their passwords.

Beware emails that purport to be from LivingSocial that are actually from malicious parties seeking to take advantage of known customers of the site. In official emails, LivingSocial is advising members to visit its homepage and click on a “Create a New Password” button at the top of the site.

Though the passwords were encrypted, the site is “encourag[ing] you, for your own personal data security, to consider changing password(s) on any other sites on which you use the same or similar password(s).”

So, yes, if you’re one of those people who use the same password, or a variation on the same password, on multiple sites, now would be a good time to change that inadvisable practice.


Back to top