The daily deals provider LivingSocial was the target of a cyber attack that could have exposed account data for 50 million customers — although they are being asked to reset their passwords in the latest of a sporadic wave of hacks on high-profile sites.
However, LivingSocial said the database that stores customer credit card information was not affected or accessed.
Amazon-backed LivingSocial is the No. 2 biggest daily-offerings site, where you can see localized discounts for restaurants, events, health spas and even teeth cleanings. Groupon is the biggest.
The information accessed at Washington, D.C.-based LivingSocial includes: names, email addresses, date of birth for some users, and encrypted passwords — “technically ‘hashed’ and ‘salted’ passwords,” the company said in a lengthy statement on its website. It does not store passwords in plain text.
Nonetheless, LivingSocial is taking no chances as it cooperates with law enforcement on the cyber attack.
“Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one,” the company said.
LivingSocial said it does not believe that customer accounts were actually breached.
Here is the company’s explanation:
We do not believe that any customer accounts have been compromised due to this incident. It is difficult to decode a password that has gone through the hashing and salting process, and we have not received any abnormal reports of accounts with unauthorized charges or activity. We are enhancing our monitoring of accounts for any unusual activity on an ongoing basis. Out of an abundance of caution, we request that customers create new passwords.