LivingSocial is the most recent high-profile site to be hacked. The online coupon site reports that hackers got access to the names, emails, birthdays, and encrypted passwords of 50 million customers. What's positive though, according to the company, is that hackers did not get any credit card or banking information.
Not sure about you, though I'd be somewhat skeptical if I had an account and was told that my email, username, birthday were all hacked though not my credit card. I'd probably insist on knowing whether credit card data that they keep of mine is encrypted, as it should be.
Customers affected will be receiving an email letting them know to change their password, says USA Today. Some customers today were met at the site with a welcome and "please change your password message."
If you're a LivingSocial member, go ahead and change your password, don't wait for an email from the company, and perhaps think about letting your credit card company know that "a site that has your credit card information was hacked, although the site says that the server where my credit card information is contained was not hacked," and see what advice your credit card company gives you. ;)
CNN Money reports that "All LivingSocial users had some data stored on the hacked server, the spokesman said, except for customers in Korea, Thailand, Indonesia and the Philippines. Those countries use TicketMonster and Ensogo, which are on different systems.
An email sent to employees, at LivingSocial, about the attacks, released by AllThingsD, said, in part, the following:
"Two things you should know:
1. * The database that stores customer credit card information was not affected or accessed.
2. * The database that stores merchants’ financial and banking information was not affected or accessed.
The security of our customer and merchant information is our priority. We always strive to ensure the security of our customer information, and we are redoubling efforts to prevent any issues in the future.
To ensure our customers and merchants are fully informed and protected, we are notifying those who may have been impacted via email explaining what happened, expiring their passwords, and requesting that they create new passwords. A copy of the note is included below this email."
The company also says in the email to customers that: "We recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers," .... "We are actively working with law enforcement to investigate this issue."
Personally, I'd like a bit more information than it's being reported to law enforcement, as that's more LivingSocial's issue than mine. I also wouldn't be too happy with a company that says "we are doubling efforts for the future" as all that matters is what was already stolen. All customer's care about is now and the issue for the company to be forthright and honest and share the EXACT information that was taken and whether or not my credit card information, which apparently was not taken, was encrypted or not. That's it.