Hackers access personal data of 50 million LivingSocial users
The operators of the discount voucher site LivingSocial have contacted around 50 million of their customers and recommended them to change their access passwords for the web service. According to a report in AllThingsD, LivingSocial CEO Tim O’Shaughnessy explained in the email to customers that attackers might have gotten access to encrypted passwords and personal information such as full names, birth dates and contact details. Credit card data of customers and merchants was apparently not accessed in the attack.
According to LivingSocial, the passwords were salted with a 40 bit random value and then hashed with the SHA-1 algorithm. They should therefore be relatively safe, but the company recommends users change their passwords anyway to be sure. In future, the company will encrypt passwords with the bcrypt algorithm which is slower than SHA-1 but is regarded as more secure. The data from customers in Korea, Thailand, Indonesia and the Philippines was apparently not affected in the attack as the part of the company operating in this region is using a different IT infrastructure.
LivingSocial was founded in 2007 under the name Hungry Machine. In 2010, Amazon invested $175 million in the company to purchase a 29% stake. The company is claiming to have 70 million users worldwide. In Europe, LivingSocial operates in the UK, Ireland, France, Portugal, Spain and Italy.