LivingSocial Customer Data Compromised
April 27, 2013

Daily Deal Website LivingSocial Hacked Friday

redOrbit Staff & Wire Reports - Your Universe Online

Hackers reportedly hit Amazon-backed daily deals website LivingSocial Friday, compromising the account information of an estimated 50 million members.

According to Forbes staff writer Kashmir Hill, the attack affected more than 70 percent of the more than 70 million people who have signed up to do business with the Washington, DC-based company.

The hackers did not gain access to financial or credit card details, but they were able to get customer names, email addresses, date of birth information for some users, and encrypted passwords, she added.

Affected customers are being required to reset their passwords, though a company spokesman told Thomas Heath of the Washington Post the encrypted status of those passwords will make it difficult for the cyberattackers to exploit.

“LivingSocial did say it ℠hashed´ passwords — which involves mashing up users´ passwords with a mathematical algorithm — and ℠salted´ them, meaning it appended random digits to the end of each hashed password to make it more difficult, but not impossible, for hackers to crack,” Nicole Perlroth of the New York Times explained.

The server that was compromised in the attack stored information belonging to LivingSocial customers in North America, Australia, New Zealand, the UK, Ireland and Malaysia, as well as its LetsBonus users in Southern Europe and Latin America, Heath said. The company´s subsidiaries in South Korea, Thailand, Indonesia and the Philippines — Ticketmonster and Ensogo — store data on different servers and were not affected.

“Our only quibble about Living Social's handling of the cyberattack is that the main-page notice doesn't specifically state that the site has been hacked,” Hot Hardware´s Joshua Gulick noted. “The big password banner is eye-catching, but if you don't know the site has been hacked, you might just blow it off and figure you'll change the password eventually — a decision you might have made differently had you known about the breach. Aside from that, it looks like LivingSocial is going out of its way to keep customers informed, and that's worth noting.”

The news wasn´t all bad for LivingSocial on Friday, though. The company reported it had drastically reduced its first quarter operating losses, from $91 million in 2012 to just $44 million this year, according to Heath. It also reported a $25 million increase in first-quarter revenue, from $110 million last year to $135 million in 2013.

“LivingSocial´s reduced losses, a rare bright spot in recent months, likely reflects the massive cost-cutting and reorganization the company undertook over the past year, including closing many overseas operations and eliminating 400 jobs in the United States in November, with 160 of those in the District,” he added. “The company has endured several executive shake-ups. Last month, co-founder and chief technology officer Aaron Batalion announced he was leaving the company, nearly a year to the day that another co-founder had resigned.”