LivingSocial has been hacked.
On Saturday, the daily-deals company that's part-owned by Amazon.com (AMZN -1.65%) posted a "security notice" on its website, alerting users to an unauthorized intrusion into its servers. In pertinent part, the notice advised:
- "LivingSocial recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers."
- "The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords."
- Crucially, though, "The database that stores customer credit card information was not affected or accessed."
- And also, "we have not received any abnormal reports of accounts with unauthorized charges or activity."
As is common in such incidents, LivingSocial was vague on the details and, in particular, vague on the number of its customers affected by the hack, on the date the attack first took place, and how long LivingSocial's servers were an open book to the hackers. LivingSocial says it's investigating the incident in cooperation with law enforcement.
Meanwhile, the company is urging its customers to change their passwords for accessing the LivingSocial website, and also to change "password(s) on any other sites on which you use the same or similar password(s)."
Why worry about "other" websites? Judging from what little LivingSocial has divulged so far, it appears that hackers now know who you are, what email address you use (often used as a default user or screen name on websites), and may be able to decode even encrypted passwords stolen from LivingSocial. There's a risk, therefore, that they may soon be able to hijack your accounts on other websites using these passwords.
