50 Million LivingSocial Users’ Passwords Exposed in Security Breach

April 29, 2013

In an email to employees Friday, daily deals Website LivingSocial admitted it had been hacked, exposing personal information of more than 50 million users. While the intrusion reportedly did not compromise payment information, it did include names, email addresses, dates of birth and encrypted passwords.

“We recently experienced a cyberattack on our computer systems that resulted in unauthorized access to some customer data from our servers,” the company told employees. “We are actively working with law enforcement to investigate this issue.”

The attack on LivingSocial is the most recent in a string of attacks on Web companies seeking passwords. While a compromised password may not yield much for a criminal at LivingSocial or Twitter, people tend to use the same password for everything, including online banking and other financial sites. According to reports, hacked passwords can bring in up to $20 each at auction.

A statement from LivingSocial said the compromised passwords were encrypted by a mathematical algorithm and “salted” with extra random characters to make cracking the code protecting them more difficult.