Daily deal website LivingSocial suffered a data breach compromising emails, passwords and more information for most of the site’s users resulting in the site requiring user’s to reset their passwords.
Hackers were able to access databases storing LivingSocial user information for 50 million of their 70 million service users. Compromised information included the victim’s name, date of birth, email address and password. The method of attack resulting in unauthorized access to the database and when the intrusion occurred have not been disclosed as not to compromise the ongoing investigation.
Although a large scale data breach, there are two silver linings. The first being that customer credit card and financial data was not compromised as this information was stored in a separate database that was unaffected. Additionally, the compromised passwords were encrypted, both hashed and salted. Despite the fact that passwords were encrypted, being compromised with an email address and the tendency consumers have to reuse passwords across multiple sites and logins presents account takeover risks. At the very least the compromised names, dates of birth and email addresses warrants concern for phishing attacks.
Events like this underscore the importance of storing sensitive information like passwords in an encrypted format as well keeping personal and payment data in separate locations so it is less likely the two can both be compromised and used together. But even with these precautionary steps taken, data breaches on this large of scale are still damaging to the brand and the affected consumers who may be targets of account takeover, phishing attacks and other scams.
For more information: