Up to 50 million customers of the Amazon-funded daily deals site LivingSocial are getting an apologetic email from CEO Tim O'Shaughnessy explaining that their information may have been stolen. "LivingSocial recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from …
While this certainly sucks for users, maybe this will hasten the end of the whole idea of paying someone to give your product/service away for you. This entire concept only results in harm to the small businesses that 'deals' sites cater to. It's sad really, preying on desperate small business owners.
Re: Oh Well.
I mean, if you're a business, you likely have a Facebook page. If people want to friend you, or follow you, you can push deals to them on your terms.
And they gave away all those tablets too. Stupid people leading stupid people.
Is LivingSocial the same as Amazon Local?
We use the latter quite a lot.
Changing other passwords
"Although the email doesn’t mention it, if your LivingSocial password was used for any other online accounts, then you'd be advised to change those, too."
The version of the email that I received from LivingSocial actually contained the following advice:
"We also encourage you, for your own personal data security, to consider changing password(s) on any other sites on which you use the same or similar password(s)."
Oopsie, MUCH bigger than reported.
It seems they bought a load of customer details from Gawker Media to swell their customer userbase, and THAT'S been compromised too.
I have had emails about LivingSocial hacks today and I have never used LivingSocial, but the email address it came to was one I registered on a Gawker Media site, namely Kotaku.
You might want to look into this... It smells like the problem is much larger than is being let on...
Yahoo should have pulled their finger out...
Yep, same here.
Looks like my details from Lifehacker were in the system.
It seems to be just an email address though as trying to do a password recovery on the site tells you that you have no account, but were listed as receiving a newsletter (that you didn't sign up for).
And what good is emailing folks that you might need to change your passwords? Any talented hacker would immediately cross-reference the user to any other web service login and immediately try to log in. You'd still be sleeping when the whole thing was over.
At what point will government legislatures address this runaway problem?
It takes some time
If there are a million user IDs stolen, and it takes the black-hat 1 sec for their systems to try each one on all the sites they want to attack, it'll take them about 11.5 days to try them all.
So if you're in the second half, you might have a 5-day window. (Scale as appropriate)
If you're in the first few thousand tried you're stuffed, but everyone else may have a chance.
I received an email from LivingSocial about the screwup yet I've never had direct dealings with them.
In the last line of the email it says "You are receiving this email because you have an existing relationship with http://www.livingsocial.com/", yet I've never heard of them before or visited their website or signed up to them.
They bought a lot of smaller companies
They've bought a lot of smaller companies and customer details from other companies. So it's more likely that they got your details from a partner they paid rather than just spamming you.
I understand how these hacks happen, usually SQL injections and whatever. What I don't get is how someone manages to download such a huge database which would hugely put a major stress on the servers plus use some serious bandwidth and no one in their tech team notices it for such a long time.
Re: They bought a lot of smaller companies
We are talking a few gig of data; depending on connection speeds, the spike in bandwidth could be over fairly quickly.
Re: They bought a lot of smaller companies
This is what pisses me off about companies and their data retention in relation to customer records and how they'll happily sell your info to other companies - you get situations like this where a company that you have never directly interacted with suddenly emails you out of the blue saying they got hacked and their customer records were copied and your info is in those records.
I am not a product, I am a human being FFS.
You say something on the cloud was hacked? Again?
What a surprise.
Hopefully things like this will encourage people never to use the same user ID and password on multiple sites, there are enough devices and apps out there for password management and plenty of high profile hacks out there that people should know better by now...
Mine's the one with the nifty MyLOK+ USB stick password manager in the pocket...