A cyber attack on LivingSocial has exposed 50 million users' names, e-mail addresses, birthdates, and hashed and salted passwords. Credit card information was not accessed, according to the company (h/t DataBreaches.net).
In a notice on its Web site, the company states, "LivingSocial recently experienced a cyber attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue."
"LivingSocial never stores passwords in plain text," the notice states. "LivingSocial passwords were hashed with SHA1 using a random 40 byte salt. What this means is that our system took the passwords entered by customers and used an algorithm to change them into a unique data string (essentially creating a unique data fingerprint) -- that’s the 'hash.' To add an additional layer of protection, the 'salt' elongates the password and adds complexity."
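The salted SHA-1 scheme the notice describes, sketched as an added Python example (not LivingSocial's code). The salt-then-password concatenation order, the UTF-8 encoding, and all function names are assumptions.

```python
import hashlib
import hmac
import os

SALT_BYTES = 40  # salt length stated in the notice


def hash_password(password, salt=None):
    """Return (salt, digest) for a salted SHA-1 password record."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per record
    # Assumption: the salt is prepended to the UTF-8 password before hashing.
    digest = hashlib.sha1(salt + password.encode("utf-8")).digest()
    return salt, digest


def verify_password(password, salt, stored_digest):
    """Recompute the digest with the stored salt; compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def matches_unsalted_table(stored_digest, table):
    """True if a digest appears in a table of plain (unsalted) SHA-1 digests."""
    return stored_digest in table


if __name__ == "__main__":
    # Constructed sample: two accounts that chose the same password.
    pw = "correct horse battery staple"
    salt_a, digest_a = hash_password(pw)
    salt_b, digest_b = hash_password(pw)
    table = {hashlib.sha1(pw.encode("utf-8")).digest()}
    print("records differ:", digest_a != digest_b)
    print("login verifies:", verify_password(pw, salt_a, digest_a))
    print("wrong password rejected:", not verify_password("guess", salt_a, digest_a))
    print("hit in unsalted table:", matches_unsalted_table(digest_a, table))
```

The per-record salt makes identical passwords store as different digests and keeps them out of tables precomputed without the salt; it does not change the cost of computing a single SHA-1 hash.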
The company is requiring all users to change their passwords, and is urging its users to change passwords on any other sites on which they use the same or similar passwords.
AllThingsD.com reports that the only LivingSocial users unaffected by the breach are those in Thailand, Korea, Indonesia and the Philippines, as those users' data is held on separate systems.