Law Offices of Jonathan L. Hood

NYC Corporate Law

LivingSocial database hacked

May 15, 2013 //  by Jon

Encrypted passwords, but not credit card data, likely accessed

LivingSocial, the Washington, D.C.-based daily deals website, sent out an email this morning warning users that the site has “recently experienced a cyber-attack” that potentially exposed some sensitive user data.

The email, which confirms that the database containing customer passwords may have been compromised, stresses that “[t]he database that stores customer credit card information was not affected or accessed.” The message also stresses that passwords were stored in “encrypted … technically ‘hashed’ and ‘salted’” form, and thus “would be difficult to decode.”

The email confirms reports yesterday by tech site AllThingsD, which said that it accessed an internal email by LivingSocial CEO Tim O’Shaughnessy to employees of the company stating that a hack had led to “unauthorized access to some customer data from our servers.”

According to AllThingsD, as well as a report from CNN, over 50 million LivingSocial members may have been affected by the hack.

Email: credit card database not accessed

The email sent by LivingSocial reads in part:

“LivingSocial recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue.

The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords — technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.

The database that stores customer credit card information was not affected or accessed.

Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one.”

The email, signed by O’Shaughnessy, also encourages users “to consider changing password(s) on any other sites on which you use the same or similar password(s).”

Passwords hashed, salted

In a security notice posted on its website, the company explained how it secures customer passwords in its database. The passwords, LivingSocial said, “were hashed with SHA1 using a random 40 byte salt,” meaning that “our system took the passwords entered by customers and used an algorithm to change them into a unique data string (essentially creating a unique data fingerprint) – that’s the ‘hash’. To add an additional layer of protection, the ‘salt’ elongates the password and adds complexity.”
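The storage scheme the notice describes, as an added example that is not LivingSocial's code or part of the original article: SHA-1 with a random 40-byte salt per account, plus a check showing that salting removes identical digests for identical passwords. The salt-then-password concatenation, the function names and the sample accounts are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

SALT_BYTES = 40  # salt length quoted in the LivingSocial notice


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    # Assumption: digest = SHA1(salt || password). The notice does not say
    # how the salt and the password were combined.
    digest = hashlib.sha1(salt + password.encode("utf-8")).digest()
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def shared_digest_groups(records: dict[str, tuple[bytes, bytes]]) -> list[list[str]]:
    """Hypothetical audit helper: list accounts whose stored digests are identical."""
    by_digest: dict[bytes, list[str]] = {}
    for user, (_, digest) in records.items():
        by_digest.setdefault(digest, []).append(user)
    return [sorted(users) for users in by_digest.values() if len(users) > 1]


# Constructed sample accounts; two of them share a password.
SAMPLE = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}


def build_tables():
    """Build one table with per-account salts and one with no salt at all."""
    salted = {u: hash_password(p) for u, p in SAMPLE.items()}
    unsalted = {u: hash_password(p, salt=b"") for u, p in SAMPLE.items()}
    return salted, unsalted


if __name__ == "__main__":
    salted, unsalted = build_tables()
    print("unsalted duplicates:", shared_digest_groups(unsalted))
    print("salted duplicates:  ", shared_digest_groups(salted))
    print("alice login ok:", verify_password("correct horse", *salted["alice"]))
```

The salt is stored next to the digest because verification needs it; it is not a secret.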

The page also said that LivingSocial is “working with internal and external forensic security teams to investigate the nature of the incident and to further improve our security systems, and we are working with law enforcement to investigate this incident.”

(originally published at ConsumerAffairs.com)

Category: blog
Tag: hacking, livingsocial, security breach
