MSE News: Hacked LivingSocial warns users to change passwords

Former_MSE_Helen
"Millions of LivingSocial users should change their passwords now after a security breach put customer data at risk..."
Read the full story:

Hacked LivingSocial warns users to change passwords


Replies

  • chickywiggle Forumite
    Ok NOW I'm concerned (either that or the chief exec is choosing who to email what to).
    Tim O'Shaughnessy, has emailed members saying that the site is "expiring" old passwords and asking users to create a new one.
    Hackers were able to see names, email addresses, the dates of birth of some users and encrypted passwords. The fear is passwords may be decoded.

    as the last e-mail I had from them said:
    You do not need to take any action at this time, but we wanted to be sure you were fully informed of what happened.

    they certainly don't say "it is advised you change this password" or that there is any risk of it being decoded or even that they were expiring old passwords
    loves how my "I've been censored" signature has been censored. LOL. Happy Christmas. :xmastree:
  • bethansmum Forumite
    edited 29 April 2013 at 9:53PM
    This is a copy of the email I received from LivingSocial.
    LivingSocial recently experienced a security breach on our computer systems that resulted in unauthorised access to some customer data from our servers. We are actively working with the authorities to investigate this issue.

    The information accessed includes names, email addresses, the date of birth of some users, and encrypted passwords; technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.

    The database that stores customer credit card information was not affected or accessed.

    Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one.

    For your security, please create a new password for your [email account by following the instructions below.
    Visit https://www.livingsocial.com
    Click on the "Create New Password" button (top right corner of the homepage)
    Follow the steps to finish
    We also encourage you, for your own personal data security, to consider changing password(s) on any other sites where you use the same or similar password(s).

    The security of your information is our priority. We always strive to ensure the security of our customer information, and we are redoubling efforts to prevent any issues in the future.

    Please note that LivingSocial will never ask you directly for personal or account information in an email. We will always direct you to the LivingSocial website – and require you to login – before making any changes to your account. Please disregard any emails claiming to be from LivingSocial that request such information or direct you to a different website that asks for such information.

    We are sorry this incident occurred, and we look forward to continuing to introduce you to new and exciting things to do in your community
  • bethansmum Forumite
    As I probably have 400+ accounts for different websites I am not impressed at having to change all my passwords. Each password 2 mins to change, total time is around 13 hours for LivingSocial's lack of care with my data. Is there any way to change all passwords in one go?
  • chickywiggle Forumite
    2 completely different e-mails (honestly - I'm not lying)
    LivingSocial recently experienced a security breach on our computer systems that resulted in unauthorised access to some customer data from our servers. We are actively working with the authorities to investigate this issue.

    The information accessed includes names, email addresses, the date of birth of some users, and encrypted passwords; technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.

    Two things you should know:

    The database that stores customer credit card information was not affected or accessed.
    If you connect to LivingSocial using Facebook Connect, your Facebook credentials were not compromised.

    You do not need to take any action at this time, but we wanted to be sure you were fully informed of what happened.

    The security of your information is our priority. We always strive to ensure the security of our customer information, and we are redoubling efforts to prevent any issues in the future.

    Please note that LivingSocial will never ask you directly for personal or account information in an email. We will always direct you to the LivingSocial website – and require you to login – before making any changes to your account. Please disregard any emails claiming to be from LivingSocial that request such information or direct you to a website that asks for such information.

    ***this seems to be where the missing info has been added - wondered why it didn't make sense!!!***

    If you have additional questions about this process, the "Create New Password" button on LivingSocial.com will direct you to a page that has instructions on creating a new password and answers to frequently asked questions.

    We are sorry this incident occurred; please rest assured we are doing everything possible to understand how this happened and ensure that no similar incident happens again in the future.

    mine was sent 27/4 @ 1.31
    loves how my "I've been censored" signature has been censored. LOL. Happy Christmas. :xmastree:
  • jamesd Forumite
    bethansmum wrote: »
    As I probably have 400+ accounts for different websites I am not impressed at having to change all my passwords. Each password 2 mins to change, total time is around 13 hours for LivingSocial's lack of care with my data. Is there any way to change all passwords in one go?
    A salted, hashed password should be safe from decryption, so the password should be safe enough from exposure. That's one thing that they do seem to have got right, after some prominent failures to use a salt that happened in the last year.

    But you have a far bigger problem if you have the same password at many sites, and an even bigger one if you use the same account name as well. If one site is weak and does let the password out, that would allow the combination to be tried at many other sites, where it would work if you stick to the same one.

    If you must use the same core password for many sites, put part of the site name in part of the password so automatic testing of the same name and password combination from one hacked site at many other sites will fail.

    Use completely different passwords and patterns for financial and non-financial sites.

    Treat the passwords to any email accounts that could give access to password reset emails even more securely than the financial ones. A failure here could cost you large numbers of compromised logins, though this risk is most likely to apply to specifically targeted individuals rather than huge numbers of people.

    If you can, use different email addresses behind financial and non-financial sites also, so your reputation and money aren't both compromised at the same time.

    If you do have lots of passwords to change, best to try to do it more right so you don't have to do it again the next time this happens.
This discussion has been closed.
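
What "hashed and salted" changes about a leaked password table, as an added example that is not part of the original thread or of LivingSocial's systems. SHA-256, PBKDF2 and the iteration count are assumptions chosen for illustration (the email does not name an algorithm), and the accounts are constructed.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000  # assumed work factor for this sketch


def unsalted_record(password: str) -> str:
    """Plain fast hash with no salt: the weak scheme, shown for contrast."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password: str) -> tuple[bytes, bytes]:
    """Per-user random salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, record: tuple[bytes, bytes]) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected)


def shared_password_groups(table: dict) -> list[list[str]]:
    """Users whose stored value is identical, i.e. visibly the same password."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed sample accounts; two users picked the same password.
ACCOUNTS = {"alice": "Tr0ub4dor&3", "bob": "Tr0ub4dor&3", "carol": "correct horse"}

unsalted_table = {u: unsalted_record(p) for u, p in ACCOUNTS.items()}
salted_table = {u: salted_record(p) for u, p in ACCOUNTS.items()}

if __name__ == "__main__":
    print("unsalted, same stored value:", shared_password_groups(unsalted_table))
    print("salted, same stored value:  ", shared_password_groups(salted_table))
    print("login still works:", verify("Tr0ub4dor&3", salted_table["bob"]))
```

Without a salt, anyone holding the table can see which accounts share a password and can reuse one precomputed guess list against every row; with a per-user salt each row has to be worked on separately.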