{"id":1988,"date":"2013-04-29T10:22:13","date_gmt":"2013-04-29T14:22:13","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=1988"},"modified":"2013-04-29T10:22:13","modified_gmt":"2013-04-29T14:22:13","slug":"livingsocial-hacked-information-of-50-million-users-exposed","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/04\/29\/livingsocial-hacked-information-of-50-million-users-exposed\/","title":{"rendered":"LivingSocial Hacked: Information of 50 Million Users Exposed"},"content":{"rendered":"<p>\u201cLivingSocial recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers,\u201d the company said in a brief note on its site while prompting users to reset their passwords.<br \/>\nAccording to an internal email from LivingSocial CEO Tim O\u2019Shaughnessy obtained by AllThingsD.com, the attackers were able to access information including names, email addresses, date of birth for some users, and passwords, which fortunately were hashed and salted.<br \/>\n\u201cAlthough your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one,\u201d the alert from LivingSocial continued.<br \/>\nThe database that stores customer credit card information was not accessed by the attacker, the company said.<br \/>\n\u201cThese providers should expect hackers to target their systems to obtain customer data or sensitive corporate information,\u201d George Tubin, senior security strategist at Trusteer told SecurityWeek.<br \/>\nSimilar to other somewhat recent breaches that occurred at LinkedIn and Evernote, breaches like this give hackers access to massive amounts of sensitive user data in one single hit\u2014that can be used in additional attacks down the road.<br \/>\nRoss Barrett, senior manager, security engineering at 
Boston-based Rapid7 agrees that attackers continue to target valuable customer data.<br \/>\n\u201cThe breach of 50 million passwords, birthdates and names from daily deal site LivingSocial is another reminder that organizations will continue to be targeted for their valuable customer data,\u201d Barrett told SecurityWeek in an emailed statement.<br \/>\n\u201cWhile it is good that the passwords stolen from LivingSocial are hashed and salted as this will likely slow down the cracking process, it won\u2019t stop it.\u201d<br \/>\n\u201cOnce they had cracked the first round with the tools at their disposal, they posted the hashes in a Russian hacker forum where other motivated individuals with the necessary skills and more advanced cracking tools were able to help decode the remaining passwords,\u201d Barrett continued. \u201cWhile salting the passwords will slow this process down further, eventually the attackers or their network will get the information they\u2019re after.\u201d<br \/>\n\u201cHashing uses mathematical algorithms to create a seemingly random value, determined by the input (your password) which is difficult even for computers, to reverse,\u201d Barrett explained. \u201cSalting is an additional layer of security added on top of the encryption to make it more difficult \u2013 but not impossible \u2013 to decode.\u201d<br \/>\nIn the LinkedIn breach, which exposed 6.46 million passwords, the passwords were hashed, but not salted.<br \/>\n\u201cOnce the nature of the salt is determined, they can uncover the passwords much quicker,\u201d Barrett said.<br \/>\nWith financial information not exposed in this attack, some may dismiss the type of data harvested as a minor threat, but having access to customer lists opens the opportunity for targeted phishing and social engineering attacks. 
For example, being able to send a targeted phishing message with the ability to address a user by name will certainly result in a much higher \u201chit rate\u201d than a typical \u201cblind\u201d spamming campaign would yield.<br \/>\n\u201cIf you, like many people do, use the same password for other online accounts, change those ASAP,\u201d Barrett said. \u201cOnce the passwords are uncovered, hackers will turn to popular sites like Facebook, LinkedIn, Gmail and so on. These breaches are another reminder why it\u2019s so important to maintain good password hygiene and use different passwords for all accounts and sites.\u201d<br \/>\n\u201cIn light of recent successful widespread attacks against major social networking sites, it&#8217;s obvious that these providers are simply not doing enough to protect their customers&#8217; information,\u201d Tubin added.<br \/>\nLivingSocial said they are actively working with law enforcement to investigate the incident but have not provided any additional details.<br \/>\n\u201cIt\u2019s likely this user data will be powering attacks for a very long time,\u201d Barrett said.<br \/>\nvia <a href=\"http:\/\/www.securityweek.com\/livingsocial-hacked-information-50-million-users-exposed\" target=\"_blank\">LivingSocial Hacked: Information of 50 Million Users Exposed | SecurityWeek.Com<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cLivingSocial recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","categories":[6,7],"tags":[245,451],"class_list":["post-1988","post","type-post","status-publish","format-standard","hentry","category-networking","category-security","tag-cyber-attack","tag-hacked"]}