LivingSocial Cyber Attack Affects Millions of Customers

LivingSocial, the second-largest daily deal company behind Groupon Inc, said on Friday it was hit by a cyber attack that may have affected more than 50 million customers.

The company said the attack on its computer systems resulted in unauthorized access to customer data including names, email addresses, “encrypted” passwords and some users’ dates of birth, according to an internal memo emailed to employees and obtained by AllThingsD. Photo: GlobeSign/Flickr

Popular daily deals website LivingSocial announced a massive cyberattack on its database. It is estimated 50 million customers across the globe are affected.

The company said the attack on its computer systems resulted in unauthorized access to customer data, including names, email addresses, date of birth for some users and “encrypted” passwords.

LivingSocial stressed customer credit card and merchants’ financial and banking information were not affected or accessed. It also does not store passwords in plain text, says Reuters.

Reportedly, credit card information was not one of the types of data stolen, according to company officials. LivingSocial CEO Tim O’Shaughnessy said that information was stored in a separate database.

About 50 million customers, located in numerous countries, are affected by this exploit.

According to media reports, customers living in countries located in North America, Australia, New Zealand, United Kingdom, Ireland and Malaysia and its LetsBonus users in Southern Europe and Latin America are all impacted.

The firm began sending emails to customers Friday afternoon telling them they would have to change their site passwords.

“We recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue,” LivingSocial CEO Tim O’Shaughnessy said in an email.

“Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one,” O’Shaughnessy said.

The firm expects its customer service phone lines to be deluged, so O’Shaughnessy warned that he may decide to temporarily suspend telephone customer service relations.

“Because we anticipate a high call volume and may not be able to answer or return all calls in a responsible fashion, we are likely to temporarily suspend consumer phone-based servicing. We will be devoting all available resources to our Web-based servicing,” he said.

The attack comes as LivingSocial struggles to handle a decline in consumer and merchant demand for daily deals.

The company raised $110 million from investors, including Amazon earlier this year, but was forced to make large concessions to get the new money.

“In light of recent successful widespread attacks against major social networking sites, it’s obvious that these providers are simply not doing enough to protect their customers’ information,” said George Tubin, senior security strategist at Trusteer, a computer security company

According to the Washington Post, the cyberattack was announced on the same day LivingSocial reported 1Q earnings which showed an operating loss of $44 million for the quarter, compared with a $91 million loss in 1Q 2012. The company also had an increase in revenue when compared to last year’s1Q numbers.

While credit card information was not stolen, customers should be on alert that they may see obviously spoofed or “legitimate looking” emails arrive in their inboxes.

It is not uncommon after this type of breach for a surge of phishing emails to follow as scammers attempt to obtain additional information to use for financial or identity theft, informs Digital Journal.

Share this article

We welcome comments that advance the story directly or with relevant tangential information. We try to block comments that use offensive language, all capital letters or appear to be spam, and we review comments frequently to ensure they meet our standards. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Coinspeaker Ltd.