LivingSocial, the second-largest daily deal company behind Groupon Inc, said on Friday it was hit by a cyber attack that may have affected more than 50 million customers.
The company said the attack on its computer systems resulted in unauthorized access to customer data, including names, email addresses, date of birth for some users and “encrypted”passwords. LivingSocial stressed customer credit card and merchants’financial and banking information were not affected or accessed. It also does not store passwords in plain text.
“We are actively working with law enforcement to investigate this issue”, the company, part-owned by Amazon.com Inc, wrote in an email to employees.
LivingSocial did not disclose how many customers it has.
However, spokesman Andrew Weinstein said “a substantial portion”of the company’s customer base was affected. LivingSocial is also contacting customers who closed accounts, because it still has their information stored in databases, he added. The attack hit customers in the United States, Canada, the UK, Ireland, Australia, New Zealand, Malaysia, Southern Europe and Latin America.
LivingSocial told customers in an e-mail that they should log on to LivingSocial.com to create a new password for their accounts. The e-mail reads:
LivingSocial recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue.
The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords — technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.
The database that stores customer credit card information was not affected or accessed.
Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one.
We also encourage you, for your own personal data security, to consider changing password(s) on any other sites on which you use the same or similar password(s).
The security of your information is our priority. We always strive to ensure the security of our customer information, and we are redoubling efforts to prevent any issues in the future.
If you have additional questions about this process, the “Create a New Password” button on LivingSocial.com will direct you to a page that has instructions on creating a new password and answers to frequently asked questions.
We are sorry this incident occurred, and we look forward to continuing to introduce you to new and exciting things to do in your community.
Tim O’Shaughnessy, CEO
Malaysians, take heed!