LivingSocial admits major hacking attack on customer database

Up to 50 million customers of the Amazon-funded daily deals site LivingSocial are getting an apologetic email from CEO Tim O'Shaughnessy explaining that their information may have been stolen. "LivingSocial recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data …

COMMENTS

This topic is closed for new posts.
  1. Don Jefe
    Meh

    Oh Well.

    While this certainly sucks for users, maybe this will hasten the end of the whole idea of paying someone to give your product/service away for you. This entire concept only results in harm to the small businesses that 'deals' sites cater to. It's sad really, preying on desperate small business owners.

    1. S 11
      Mushroom

      Re: Oh Well.

      Right?

      I mean, if you're a business, you likely have a Facebook page. If people want to friend you, or follow you, you can push deals to them on your terms.

      And they gave away all those tablets too. Stupid people leading stupid people.

  2. Anonymous Coward

    Question

    Is LivingSocial the same as Amazon Local?

    We use the latter quite a lot.

  3. mattb

    Changing other passwords

    "Although the email doesn’t mention it, if your LivingSocial password was used for any other online accounts, then you'd be advised to change those, too."

    The version of the email that I received from LivingSocial actually contained the following advice:

    "We also encourage you, for your own personal data security, to consider changing password(s) on any other sites on which you use the same or similar password(s)."

  4. Anonymous Coward

    Oopsie, MUCH bigger than reported.

    It seems they bought a load of customer details from Gawker Media to swell their customer userbase, and THAT'S been compromised too.

    I have had emails about LivingSocial hacks today and I have never used Living Social, but the email address it came to was one I registered on a Gawker Media site, namely Kotaku.

    You might want to look into this... It smells like the problem is much larger than is being let on...

    1. Richard 84

      Yahoo should have pulled their finger out...

      Yep, same here.

      Looks like my details from Lifehacker were in the system.

      It seems to be just an email address though as trying to do a password recovery on the site tells you that you have no account, but were listed as receiving a newsletter (that you didn't sign up for).

  5. S 11
    FAIL

    And what good is emailing folks that you might need to change your passwords? Any talented hacker would immediately cross-reference the user to any other web service login and immediately try to log in. You'd still be sleeping when the whole thing was over.

    At what point will government legislatures address this runaway problem?

    1. Richard 12 Silver badge

      It takes some time

      If there are a million user IDs stolen, and it takes the black-hat 1 sec for their systems to try each one on all the sites they want to attack, it'll take them about 11.5 days to try them all.

      So if you're in the second half, you might have a 5-day window. (Scale as appropriate)

      If you're in the first few thousand tried you're stuffed, but everyone else may have a chance.

  6. Haku

    I received an email from LivingSocial about the screwup yet I've never had direct dealings with them.

    In the last line of the email it says "You are receiving this email because you have an existing relationship with http://www.livingsocial.com/", yet I've never heard of them before or visited their website or signed up to them.

    Under-the-radar spamming?

    1. Stephen 2

      They bought a lot of smaller companies

      They've bought a lot of smaller companies and customer details from other companies. So it's more likely that they got your details from a partner they paid rather than just spamming you.

      I understand how these hacks happen, usually SQL injections and whatever. What I don't get is how someone manages to download such a huge database, which would hugely put a major stress on the servers plus use some serious bandwidth, and no one in their tech team notices it for such a long time.

      1. Matthew Anderson

        Re: They bought a lot of smaller companies

        We are talking a few gig of data; depending on connection speeds, the spike in bandwidth could be over fairly quickly.

      2. Haku

        Re: They bought a lot of smaller companies

        This is what pisses me off about companies and their data retention in relation to customer records and how they'll happily sell your info to other companies - you get situations like this where a company that you have never directly interacted with suddenly emails you out of the blue saying they got hacked and their customer records were copied and your info is in those records.

        I am not a product, I am a human being FFS.

  7. ecofeco Silver badge
    Trollface

    Oh Dear

    You say something on the cloud was hacked? Again?

    What a surprise.

  8. Jerren
    Boffin

    Hopefully things like this will encourage people never to use the same user ID and password on multiple sites. There are enough devices and apps out there for password management and plenty of high profile hacks out there that people should know better by now...

    Mine's the one with the nifty MyLOK+ USB stick password manager in the pocket...
