LivingSocial says its website was hacked, possibly compromising names, e-mail addresses, even passwords. But LivingSocial says credit-card information not affected by the cyber-attack.
The breach has impacted 50 million customers of the Washington, D.C.-based company, who will now be required to reset their passwords. All of LivingSocial’s countries across the world appear to have been affected, except in Thailand, Korea, Indonesia and the Philippines.
The firm began sending emails to customers Friday afternoon telling them they would have to change their site passwords.
“We recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue,” LivingSocial CEO Tim O’Shaughnessy said in an email.
The memo said that customer credit card information was not stolen — it was stored in a separate database. And while the hacker stole customer passwords, they were encrypted and “salted,” or scrambled.
“Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one,” O’Shaughnessy said.
The company advised consumers who used their LivingSocial password at other sites to change their password at those sits, also.
The firm expects its customer service phone lines to be deluged, so O’Shaughnessy warned that he may decide to temporarily suspend telephone customer service relations.
“Because we anticipate a high call volume and may not be able to answer or return all calls in a responsible fashion, we are likely to temporarily suspend consumer phone-based servicing. We will be devoting all available resources to our Web-based servicing,” he said.