Popular daily deals website LivingSocial announced a massive cyberattack on its database. It is estimated 50 million customers across the globe are affected.
The company said the attack on its computer systems resulted in unauthorized access to customer data, including names, email addresses, date of birth for some users and “encrypted” passwords.
LivingSocial stressed customer credit card and merchants’ financial and banking information were not affected or accessed. It also does not store passwords in plain text, says Reuters.
Reportedly, credit card information was not one of the types of data stolen, according to company officials. LivingSocial CEO Tim O’Shaughnessy said that information was stored in a separate database.
About 50 million customers, located in numerous countries, are affected by this exploit.
According to media reports, customers living in countries located in North America, Australia, New Zealand, United Kingdom, Ireland and Malaysia and its LetsBonus users in Southern Europe and Latin America are all impacted.
The firm began sending emails to customers Friday afternoon telling them they would have to change their site passwords.
“We recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue,” LivingSocial CEO Tim O’Shaughnessy said in an email.
“Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one,” O’Shaughnessy said.
The firm expects its customer service phone lines to be deluged, so O’Shaughnessy warned that he may decide to temporarily suspend telephone customer service relations.
“Because we anticipate a high call volume and may not be able to answer or return all calls in a responsible fashion, we are likely to temporarily suspend consumer phone-based servicing. We will be devoting all available resources to our Web-based servicing,” he said.
The attack comes as LivingSocial struggles to handle a decline in consumer and merchant demand for daily deals.
The company raised $110 million from investors, including Amazon earlier this year, but was forced to make large concessions to get the new money.
“In light of recent successful widespread attacks against major social networking sites, it’s obvious that these providers are simply not doing enough to protect their customers’ information,” said George Tubin, senior security strategist at Trusteer, a computer security company
According to the Washington Post, the cyberattack was announced on the same day LivingSocial reported 1Q earnings which showed an operating loss of $44 million for the quarter, compared with a $91 million loss in 1Q 2012. The company also had an increase in revenue when compared to last year’s1Q numbers.
While credit card information was not stolen, customers should be on alert that they may see obviously spoofed or “legitimate looking” emails arrive in their inboxes.
It is not uncommon after this type of breach for a surge of phishing emails to follow as scammers attempt to obtain additional information to use for financial or identity theft, informs Digital Journal.