At the time of this writing, LivingSocial is stating that no customer credit card information was accessed and that the banking systems remained secure. That still leaves usernames, dates of birth, email addresses, and even encrypted passwords exposed. LivingSocial has not said what encryption the passwords are protected with or whether the passwords were salted (adding extra characters to the ends of passwords to make them more secure even if the encryption is broken). We also do not yet know how the attackers got in.
We can only hope that LivingSocial was using something more secure than MDCrypt, which uses the old and insecure MD5 hashing routine. We also hope that this incident helps to push other companies to take a look at their security and improve it. It is sort of sad to continue to see these breaches happening one after the other when so many have happened in the recent past. If you are a subscriber to LivingSocial, they recommend changing your password as a security precaution: a little common sense in the wake of an attack. Although the statistical likelihood is that the attackers got in through a simple attack exploiting outdated software/firmware or simple passwords, we do not know what vector was used. Let’s hope that LivingSocial is not one of the growing group that lose customer data because of that.
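To make the salting and MD5 points above concrete, here is an added example (not code from LivingSocial or from the original article) that stores the same constructed accounts two ways: unsalted MD5, and a per-user random salt with PBKDF2-HMAC-SHA256. The account names, passwords, function names and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware

# Constructed sample accounts: alice and bob chose the same password.
SAMPLE_USERS = {"alice": "Summer2013!", "bob": "Summer2013!", "carol": "correct horse"}

def md5_unsalted(password):
    """Weak scheme, for comparison only: fast and unsalted."""
    return hashlib.md5(password.encode(), usedforsecurity=False).hexdigest()

def hash_password(password, salt=None):
    """Salted, deliberately slow hash. Returns (salt, derived_key)."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key

def verify_password(password, salt, expected_key):
    """Re-derive with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected_key)

def shared_value_groups(stored):
    """Return sorted groups of users whose stored value is byte-identical."""
    by_value = {}
    for user, value in stored.items():
        by_value.setdefault(value, []).append(user)
    return sorted(sorted(g) for g in by_value.values() if len(g) > 1)

if __name__ == "__main__":
    unsalted = {u: md5_unsalted(p) for u, p in SAMPLE_USERS.items()}
    salted = {u: hash_password(p) for u, p in SAMPLE_USERS.items()}
    salted_keys = {u: key for u, (_, key) in salted.items()}
    print("unsalted MD5, users sharing a stored value:", shared_value_groups(unsalted))
    print("salted PBKDF2, users sharing a stored value:", shared_value_groups(salted_keys))
    salt, key = salted["alice"]
    print("correct password verifies:", verify_password("Summer2013!", salt, key))
    print("wrong password verifies:", verify_password("summer2013!", salt, key))
```

With unsalted MD5, anyone holding the dump can see which accounts share a password and one precomputed lookup covers all of them; with a per-user salt every stored value is unique and each guess has to be recomputed per account.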