• Menu
  • Skip to right header navigation
  • Skip to main content
  • Skip to secondary navigation
  • Skip to primary sidebar

Before Header

  • Facebook
  • LinkedIn

Hood Venture Counsel, P.C.

NYC Corporate Law

  • Home
  • Attorneys
    • Jonathan L. Hood, Esq.
    • Benton J. Levy, Esq.
  • Services
    • Contract Preparation/Review
    • Terms of Service and Privacy Policy
    • Entity Formation
    • Trademark Application
    • Copyright Application
    • Compliance
    • Not-for-Profits
    • Investment
    • Concierge General Counsel
  • Contact
  • Disclaimer

Mobile Menu

  • Home
  • Attorneys
    • Jonathan L. Hood, Esq.
    • Benton J. Levy, Esq.
  • Services
    • Contract Preparation/Review
    • Terms of Service and Privacy Policy
    • Entity Formation
    • Trademark Application
    • Copyright Application
    • Compliance
    • Not-for-Profits
    • Investment
    • Concierge General Counsel
  • Contact
  • Disclaimer

LivingSocial database hacked

May 15, 2013 //  by Jon

Encrypted passwords, but not credit card data, likely accessed

LivingSocial, the Washington, D.C.-based daily deals website, sent out an email this morning warning users that the site has “recently experienced a cyber-attack” that potentially exposed some sensitive user data.

The email, which confirms that the database containing customer passwords may have been compromised, stresses that “[t]he database that stores customer credit card information was not affected or accessed.” The message also stresses that passwords were stored in “encrypted … technically ‘hashed’ and ‘salted’” form, and thus “would be difficult to decode.”

The email confirms reports yesterday by tech site AllThingsD, which said that it accessed an internal email by LivingSocial CEO Tim O’Shaughnessy to employees of the company stating that a hack had led to “unauthorized access to some customer data from our servers.”

According to AllThingsD, as well as a report from CNN, over 50 million LivingSocial members may have been affected by the hack.

Email: credit card database not accessed

The email sent by LivingSocial reads in part:

“LivingSocial recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue.

The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords — technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.

The database that stores customer credit card information was not affected or accessed.

Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one.”

The email, signed by O’Shaughnessy, also encourages users “to consider changing password(s) on any other sites on which you use the same or similar password(s).”

Passwords hashed, salted

In a security noticed posted on the company’s website, the company explained how it secures customer passwords in its database. The passwords, LivingSocial said, “were hashed with SHA1 using a random 40 byte salt,” meaning that “our system took the passwords entered by customers and used an algorithm to change them into a unique data string (essentially creating a unique data fingerprint) – that’s the ‘hash’. To add an additional layer of protection, the ‘salt’ elongates the password and adds complexity.”

The page also said that LivingSocial is “working with internal and external forensic security teams to investigate the nature of the incident and to further improve our security systems, and we are working with law enforcement to investigate this incident.”

(originally published at ConsumerAffairs.com)

Category: blogTag: hacking, livingsocial, security breach

Previous Post: « Appeals court throws out credit reporting settlement
Next Post: Woman sues hospital over “Shy Bladder Syndrome” »

Primary Sidebar

Recent Posts

  • Ten Common Startup Business Mistakes to Avoid
  • The Latest on Legalized Cannabis in New York and What It Means for Your New Cannabis Business
  • Trademarks 101 – What You Need to Know About Getting a Trademark
  • C-Corp, S-Corp, or LLC? Choosing the Right Structure for Your Business
  • Six Things You Need to Know Before Starting Your Own Business

Tags

American Civil Liberties Union (ACLU) Americans With Disabilities Act (ADA) apple arbitration bank of america civil rights class action compliance contracts corporate structure corporate taxation corporation criminal justice discrimination ea sports Electronic Frontier Foundation (EFF) employee employment employment law entrepreneur entrepreneurship Facebook federal trade commission (FTC) Fourth Amendment Gawker gay rights Google hurricane sandy injunction intellectual property law enforcement LLC national football league (NFL) New York City NYPD privacy same-sex marriage s corporation settlement smartphones sports law stop-and-frisk terms of service Terms of Use U.S. Supreme Court
  • Practice Areas
  • Attorneys
  • Success Stories
  • Blog
  • Privacy Policy

Site Footer

Hood Venture Counsel, P.C.

43 W. 43rd Street, Suite 107, New York, NY 10036

Copyright © 2021 · Hood Venture Counsel, P.C. · Web Design by: WarMarks