LivingSocial security breach

Forums › Social networks, social media and tools › LivingSocial security breach

Klipspringer

2385 posts

Uber Geek
Inactive user

#116389 27-Apr-2013 19:06

Seems like these security breaches are happening more and more.

This one from Living Social just arrived in my inbox.

IMPORTANT INFORMATION

LivingSocial recently experienced a security breach on our computer systems that resulted in unauthorised access to some customer data from our servers. We are actively working with the authorities to investigate this issue.

The information accessed includes names, email addresses, the date of birth of some users, and encrypted passwords; technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.

The database that stores customer credit card information was not affected or accessed.

Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one.

Klipspringer

2385 posts

Uber Geek
Inactive user

#806447 27-Apr-2013 19:07

Hackers target LivingSocial, stealing the personal data of more than 50 million people in an enormous security breach.

SaltyNZ

8229 posts

Uber Geek

Trusted

2degrees

Lifetime subscriber

#806464 27-Apr-2013 19:31

Unfortunately I could not see a 'delete my account' option. Does anyone know where it is?

iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

gzt

17122 posts

Uber Geek

Lifetime subscriber

#806515 27-Apr-2013 21:34

Yeah, really annoying. Changed my password this morning after the news. Later in the afternoon received the message about the system password reset. Hmm.

freitasm

BDFL - Memuneh
79270 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#806530 27-Apr-2013 22:01

I actually never created an account, but might have entered a competition. They took this opportunity to spam my spare email address. Basically they sent an email to everyone in their database. I then checked my eWallet file and I don't have a password. Went to the site clicked "Forgot password" and entered my spare email address.

The results say "Even though you receive our newsletter you don't have an account. Create one now" (no, never received a newsletter).

Basically they not only had a security problem, they took the opportunity to send emails to everyone, regardless of having an account or not. Pretty poor.

jarledb

Webhead
3257 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#806574 28-Apr-2013 04:35

A good time to remind people not to use the same password on several different services.

One good way to deal with lots of passwords, is to auto create them (good long passwords of 14+ letters/numbers) and use a service like Lastpassword or 1Password (my favorite) to deal with entering passwords on the different services.

That way your email and other services aren't in jeopardy if one of the services you use get hacked.

LinkedIn, PS Networks etc. are good examples that its not only small services/sites that gets hacked and bleed usernames and passwords.

Jarle Dahl Bergersen | Referral Links: Want $50 off when you join Octopus Energy? Use this referral code
Are you happy with what you get from Geekzone? Please consider supporting us by making a donation or subscribing.

Klipspringer

2385 posts

Uber Geek
Inactive user

#807083 29-Apr-2013 09:15

jarledb: A good time to remind people not to use the same password on several different services.

One good way to deal with lots of passwords, is to auto create them (good long passwords of 14+ letters/numbers) and use a service like Lastpassword or 1Password (my favorite) to deal with entering passwords on the different services.

That way your email and other services aren't in jeopardy if one of the services you use get hacked.

LinkedIn, PS Networks etc. are good examples that its not only small services/sites that gets hacked and bleed usernames and passwords.

Thanks for the tip. Going to try this out.

gzt

17122 posts

Uber Geek

Lifetime subscriber

#807095 29-Apr-2013 09:28

Date of birth is another issue to consider.

How many services have a genuine need for your exact date of birth?

Not LivingSocial that's for sure.

Samsung

Shop now on Samsung phones, tablets, TVs and more (affiliate link).

freitasm

BDFL - Memuneh
79270 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#807096 29-Apr-2013 09:30

Klipspringer:
jarledb: One good way to deal with lots of passwords, is to auto create them (good long passwords of 14+ letters/numbers) and use a service like Lastpassword or 1Password (my favorite) to deal with entering passwords on the different services.

Thanks for the tip. Going to try this out.

LastPass (which I think jarledb is talking as "lastpassword") uses Google Authenticator for two factor security if you want to go even further. There are Google Authenticator apps in all mobile platforms.

I also use Google Authenticator on Google Account, Microsoft Windows account, Dropbox, Lastpass. I use SMS authentication on Facebook and a couple of other services.

Oriphix

523 posts

Ultimate Geek

#807097 29-Apr-2013 09:34

I personally use Keepass. Its free and you can get a portable version for iPhone (I think you can get it for android as well) so take your passwords with you as well.

Behodar

10504 posts

Uber Geek

Trusted

Lifetime subscriber

#807110 29-Apr-2013 09:53

gzt: Date of birth is another issue to consider.

How many services have a genuine need for your exact date of birth?

Not LivingSocial that's for sure.

Agreed. I'm not familiar with LivingSocial but I don't like sites that "require" data that they don't actually need. For example, I haven't registered with Pizza Hut because they won't let me create an account without providing my physical address (I only ever do pickups). It's not that I don't trust Pizza Hut, but rather that I don't trust potential hackers!