{"id":1988,"date":"2013-04-29T10:22:13","date_gmt":"2013-04-29T14:22:13","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=1988"},"modified":"2013-04-29T10:22:13","modified_gmt":"2013-04-29T14:22:13","slug":"livingsocial-hacked-information-of-50-million-users-exposed","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/04\/29\/livingsocial-hacked-information-of-50-million-users-exposed\/","title":{"rendered":"LivingSocial Hacked: Information of 50 Million Users Exposed"},"content":{"rendered":"<p>\u201cLivingSocial recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers,\u201d the company said in a brief note on its site while prompting users to reset their passwords.<br \/>\nAccording to an internal email from LivingSocial CEO Tim O\u2019Shaughnessy obtained by AllThingsD.com, the attackers were able to access informing including names, email addresses, date of birth for some users, and passwords, which fortunately were hashed and salted.<br \/>\n\u201cAlthough your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one,\u201d the alert from LivingSocial continued.<br \/>\nThe database that stores customer credit card information was not accessed by the attacker, the company said.<br \/>\n\u201cThese providers should expect hackers to target their systems to obtain customer data or sensitive corporate information,\u201d George Tubin, senior security strategist at Trusteer told SecurityWeek.<br \/>\nSimilar to other somewhat recent breaches that occurred at LinkedIn and Evernote, breaches like this give hackers access to massive amounts of sensitive user data in one single hit\u2014that can be user in additional attacks down the road.<br \/>\nRoss Barrett, senior manager, security engineering at Boston-based Rapid7 agrees that attackers continue to target valuable customer data.<br \/>\n\u201cThe breach of 50 million passwords, birthdates and names from daily deal site LivingSocial is another reminder that organizations will continue to be targeted for their valuable customer data,\u201d Barrett told SecurityWeek in an emailed statement.<br \/>\n\u201cWhile it is good that the passwords stolen from LivingSocial are hashed and salted as this likely slow down the cracking process, it won\u2019t stop it.\u201d<br \/>\n\u201cOnce they had cracked the first round with the tools at their disposal, they posted the hashes in a Russian hacker forum where other motivated individuals with the necessary skills and more advanced cracking tools were able to help decode the remaining passwords,\u201d Barrett continued. \u201cWhile salting the passwords will slow this process down further, eventually the attackers or their network will get the information they\u2019re after.\u201d<br \/>\n\u201cHashing uses mathematical algorithms to create a seemingly random value, determined by the input (your password) which is difficult even for computers, to reverse,\u201d Barrett explained. \u201cSalting is an additional layer of security added on top of the encryption to make it more difficult \u2013 but not impossible \u2013 to decode.\u201d<br \/>\nIn the LinkedIn breach, which exposed 6.46 million passwords, the passwords were hashed, but not salted.<br \/>\n\u201cOnce the nature of the salt is determined, they can uncover the passwords much quicker,\u201d Barrett said.<br \/>\nWith financial information not exposed in this attack, some may dismiss the type of data harvested as a minor threat, but having access to customer lists opens the opportunity for targeted phishing and social engineering attacks. For example, being able to send a targeted phishing message with the ability to address a user by name will certainly result in a much higher \u201chit rate\u201d than a typical \u201cblind\u201d spamming campaign would yield.<br \/>\n\u201cIf you, like many people do, use the same password for other online accounts, change those ASAP,\u201d Barrett said. \u201cOnce the passwords are uncovered, hackers will turn to popular sites like Facebook, LinkedIn, Gmail and so on. These breaches are another reminder why it\u2019s so important to maintain good password hygiene and use different passwords for all accounts and sites.\u201d<br \/>\n\u201cIn light of recent successful widespread attacks against major social networking sites, it&#8217;s obvious that these providers are simply not doing enough to protect their customers&#8217; information,\u201d Tubin added.<br \/>\nLivingSocial said they are actively working with law enforcement to investigate the incident but have not provided any additional details.<br \/>\n\u201cIt\u2019s likely this user data will be powering attacks for a very long time,\u201d Barrett said.<br \/>\nvia <a href=\"http:\/\/www.securityweek.com\/livingsocial-hacked-information-50-million-users-exposed\" target=\"_blank\">LivingSocial Hacked: Information of 50 Million Users Exposed | SecurityWeek.Com<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cLivingSocial recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[6,7],"tags":[245,451],"class_list":["post-1988","post","type-post","status-publish","format-standard","hentry","category-networking","category-security","tag-cyber-attack","tag-hacked"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-w4","jetpack-related-posts":[{"id":6322,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/29\/does-the-internet-of-things-leave-you-vulnerable-to-cyber-attack\/","url_meta":{"origin":1988,"position":0},"title":"Does the Internet of Things leave you vulnerable to cyber attack?","author":"NCCT","date":"August 29, 2014","format":false,"excerpt":"At the Black Hat security conference in Las Vegas earlier this month, researchers demonstrated how a Nest thermostat can be hacked, to show how easily connected appliances\u2014the household technologies that make up the Internet of Things\u2014can be compromised. When you look beyond the demo's hyperbolic headlines, it turns out the\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8935,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/05\/31\/myspace-hack-puts-at-least-360-million-users-at-risk\/","url_meta":{"origin":1988,"position":1},"title":"Myspace hack puts at least 360 million users at risk","author":"NCCT","date":"May 31, 2016","format":false,"excerpt":"By Shawn Knight | TechSpot Time Inc., which recently acquired pioneering social network Myspace, has confirmed reports that the site was hacked. Like the Tumblr breach that we reported on yesterday, the compromised Myspace data dates back several years. Time said earlier today that it first became aware shortly before\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8943,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/06\/10\/twitter-is-notifying-affected-users-after-millions-of-login-details-leaked\/","url_meta":{"origin":1988,"position":2},"title":"Twitter is notifying affected users after millions of login details leaked","author":"NCCT","date":"June 10, 2016","format":false,"excerpt":"By Ian Paul | PCWorld Users worried about being caught up in the recent leak of more than 32 million Twitter login credentials should already know if they\u2019ve been hacked. Twitter confirmed on Friday that it was notifying users whose valid login credentials were recently being passed around on the\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2971,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/07\/17\/tumblr-tells-users-to-change-passwords-patches-security-hole-in-ios-apps\/","url_meta":{"origin":1988,"position":3},"title":"Tumblr tells users to change passwords, patches security hole in iOS apps","author":"NCCT","date":"July 17, 2013","format":false,"excerpt":"Tumblr, the blogging site recently acquired by Yahoo, has released a security update for its iPhone and iPad apps that it said addresses an issue that allowed passwords to be compromised in certain circumstances. Users of the apps have been advised to update their passwords on Tumblr as there is\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9031,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/09\/24\/heres-what-you-should-know-and-do-about-the-yahoo-breach\/","url_meta":{"origin":1988,"position":4},"title":"Here&#8217;s what you should know, and do, about the Yahoo breach","author":"NCCT","date":"September 24, 2016","format":false,"excerpt":"By Lucian Constantin | IDG News Service | PCWorld Yahoo\u2019s announcement that state-sponsored hackers have stolen the details of at least 500 million accounts shocks both through scale\u2014it\u2019s the largest data breach ever\u2014and the potential security implications for users. That\u2019s because Yahoo, unlike MySpace, LinkedIn and other online services that\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6128,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/05\/mozilla-warns-of-leaky-developer-network-database\/","url_meta":{"origin":1988,"position":5},"title":"Mozilla warns of leaky developer network database","author":"NCCT","date":"August 5, 2014","format":false,"excerpt":"Mozilla\u2019s website for developers leaked email addresses and encrypted passwords of registered users for about a month due to a database error, the organization said Friday. Email addresses for 76,000 Mozilla Development Network (MDN) users were exposed, along with around 4,000 encrypted passwords, wrote Stormy Peters, director of development relations,\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/1988","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=1988"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/1988\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=1988"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=1988"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=1988"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}