LivingSocial admits major hacking attack on customer database Up to 50 million customers of the Amazon-funded daily deals site LivingSocial are getting an apologetic email from CEO Tim O'Shaughnessy explaining that their information may have been stolen. "LivingSocial recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data …
While this certainly sucks for users maybe this will hasten the end of the whole idea of paying someone to give your product/service away for you. This entire concept only results in harm to the small businesses that 'deals' sites cater to. It's sad really, preying on desperate small business owners.
"Although the email doesn’t mention it, if your LivingSocial password was used for any other online accounts, then you'd be advised to change those, too."
The version of the email that I received from LivingSocial actually contained the following advice:
"We also encourage you, for your own personal data security, to consider changing password(s) on any other sites on which you use the same or similar password(s)."
It seems they bought aload of customer details from Gawker Media to swell their customer userbase, and THAT'S been compromised too.
I have had emails about LivingSocial hacks today and I have never used Living Social, but the email address it came too was one I registered on a Gawker Media site, namely Kotaku.
You might want to look into this... It smells like the problem is much larger than it being let on...
Yep, same here.
Looks like my details from Lifehacker were in the system.
It seems to be just an email address though as trying to do a password recovery on the site tells you that you have no account, but were listed as receiving a newsletter (that you didn't sign up for).
And what good is emailing folks that you might need to change your passwords? Any talented hacker would immediately cross-reference the user to any other web service login and immediately try to log in. You'd still be sleeping when the whole thing was over.
At what point will government legislatures address this runaway problem?
If there are a million user IDs stolen, and it takes the black-hat 1sec for their systems to try each one on all the sites they want to attack, it'll take them about 11.5 days to try them all.
So if you're in the second half, you might have a 5-day window. (Scale as appropriate)
If you're in the first few thousand tried you're stuffed, but everyone else may have a chance.
I received an email from LivingSocial about the screwup yet I've never had direct dealings with them.
In the last line of the email it says "You are receiving this email because you have an existing relationship with http://www.livingsocial.com/", yet I've never heard of them before or visited their website or signed up to them.
Under-the-radar spamming?
They've bought a lot of smaller companies and customer details from other companies. So it's more likely that they got your details from a partner they paid rather than just spamming you.
I understand how these hacks happen, usually sql injections and whatever. What I don't get is how someone manages to download such a huge database which would hugely put a major stress on the servers plus use some serious bandwidth and no one in their tech team notice it for such a long time.
This is what pisses me off about companies and thier data retention in relation to customer records and how they'll happily sell your info to other companies - you get situations like this where a company that you have never directly interacted with suddenly emails you out of the blue saying they got hacked and their customer records were copied and your info is in those records.
I am not a product, I am a human being FFS.
Hopefully things like this will encourage people never to use the same user ID and password on multiple sites, there are enough devices and apps out there for password management and plenty of high profile hacks out there that people should know better by now...
Mine's the one with the nifty MyLOK+ USB stick password manager in the pocket...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
