LivingSocial Hacked, Gives up Names, Email and Encrypted Passwords
These days, the old "when, not if" saying applies to websites getting hacked just as much as it does for the likelihood of getting into a car accident. LivingSocial is the latest site to fall victim to an attack, but the Amazon-backed company has clearly learned from the mistakes of others and rushed to get out in front of the issue. Anyone visiting the site right now is greeted with a message that encourages users to change their passwords and links to a page that goes into detail about the attack. Customers have also received emails from LivingSocial.
Although no breach is good news, it looks like the most sensitive user data is out of the crooks' hands - for the moment. LivingSocial is assuring users that credit card data was untouched and wasn't even on the server that was accessed. Some customer names were exposed, however, and email and passwords went with them. But even there, all's not lost: the passwords are encrypted. If you don't use your LivingSocial password anywhere else, a new one is in order. If you have "One Password To Rule Them All," you have your work cut out for you, Frodo.
Our only quibble about Living Social's handling of the cyberattack is that the main-page notice doesn't specifically state that the site has been hacked. The big password banner is eye-catching, but if you don't know the site has been hacked, you might just blow it off and figure you'll change the password eventually - a decision you might have made differently had you known about the breach. Aside from that, it looks like LivingSocial is going out of its way to keep customers informed, and that's worth noting.
Notice anything different about LivingSocial's main page? The site is going out of its way to alert customers that it has been breached.
Although no breach is good news, it looks like the most sensitive user data is out of the crooks' hands - for the moment. LivingSocial is assuring users that credit card data was untouched and wasn't even on the server that was accessed. Some customer names were exposed, however, and email and passwords went with them. But even there, all's not lost: the passwords are encrypted. If you don't use your LivingSocial password anywhere else, a new one is in order. If you have "One Password To Rule Them All," you have your work cut out for you, Frodo.
Our only quibble about Living Social's handling of the cyberattack is that the main-page notice doesn't specifically state that the site has been hacked. The big password banner is eye-catching, but if you don't know the site has been hacked, you might just blow it off and figure you'll change the password eventually - a decision you might have made differently had you known about the breach. Aside from that, it looks like LivingSocial is going out of its way to keep customers informed, and that's worth noting.
