LivingSocial, a web site and app that offers users daily deals, has had its database hacked. The security breach has affected more than 50 million separate accounts, as hackers were able to obtain email addresses, names, birthdays, and encrypted passwords.
Users are currently being informed via email that they should change their passwords immediately. LivingSocial houses about 70 million accounts worldwide.
"We recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers," wrote LivingSocial CEO Tim O'Shaughnessy in an email to employees, obtained by All ThingsD. "We are actively working with law enforcement to investigate this issue.
"The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords - technically 'hashed' and 'salted' passwords. We never store passwords in plain text."
If there's any good news, it's that customer credit card information, along with any merchants' financial and banking info, was not accessed by hackers.
Still, considering the large scale of the attack, if customers are re-using the same passwords across numerous sites and accounts, it could mean that even more information could be at risk.
"If there are approximately a billion people on the Internet, this hack single-handedly represents about half a percent of all Internet users," Robert Hansen, director of Product Management & Technical Evangelist at WhiteHat Security, said to CNET. "This could be catastrophic, not for the accounts and credit cards that are stolen directly, but also because of password reuse of all of those millions of users. They should be changing their passwords immediately."
Currently, it's unknown who was responsible for the attack, how it happened, and even when exactly the breach occurred. But if any of your other accounts used the same password as your LivingSocial one, you should make sure to change those as well.
"Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one," reads the email being sent out to customers.
Visit this page over at LivingSocial.com to create a new password. An FAQ is also available for those who want to read up on the attack some more.