For anyone who's ever created an account on Living Social, there's been some unsettling news from the daily deal site: the company recently had to reset the passwords of 50 million users after experiencing a cyber attack. The attack didn't compromise users' credit card information, but the hackers gained access to Living Social's customer data servers -- which means names, email addresses, birth dates, and encrypted passwords were exposed.
So, if you're a Living Social customer, what should you do now? Other than panic about cyber-villains using your information to purchase massages, colonics, and discounted restaurant coupons? Here's the lowdown on the attack, and what you can do to protect your data.
Living Social describes the exact information that was compromised:
"...names, email addresses, date of birth for some users, and encrypted passwords -- technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text."
Hashed and salted passwords are converted into one-way cryptographic representations, with a random string (the salt) mixed in so that each hash is unique … which is a fancy way of saying they're supposed to be hard to crack. As Living Social's CEO Tim O'Shaughnessy put it, "Your Living Social password would be difficult to decode."
However, this may not necessarily be true: advances in hardware and hacking techniques are making it much easier to recover passwords protected by hashing algorithms like the one Living Social used.
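The distinction those two paragraphs turn on, as an added example (not Living Social's code; the page does not name their algorithm): a salt makes every stored hash unique, but only a deliberately slow function raises the cost of each guess. SHA-256, PBKDF2, the iteration count and the sample password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor, for illustration only


def fast_salted_hash(password: str, salt: bytes) -> bytes:
    """One pass of a fast hash over salt + password (weak for passwords)."""
    return hashlib.sha256(salt + password.encode()).digest()


def slow_salted_hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: every guess costs ITERATIONS rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str, hasher=slow_salted_hash) -> tuple[bytes, bytes]:
    """Return (salt, digest) using a fresh random 16-byte salt per user."""
    salt = os.urandom(16)
    return salt, hasher(password, salt)


def verify(password: str, record, hasher=slow_salted_hash) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(hasher(password, salt), digest)


def seconds_per_guess(hasher, rounds: int = 5) -> float:
    """Average time to hash one candidate password when the salt is known."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        hasher(f"candidate-{i}", salt)
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    alice, bob = make_record("hunter2!"), make_record("hunter2!")
    print("same password, different hashes:", alice[1] != bob[1])
    print("correct password verifies:", verify("hunter2!", alice))
    fast = seconds_per_guess(fast_salted_hash)
    slow = seconds_per_guess(slow_salted_hash)
    print(f"cost per guess: fast {fast:.2e}s, slow {slow:.2e}s")
```

The salt is stored next to the digest, so anyone holding the database has it too; what protects a weak password after a breach is the per-guess cost, not the salt.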
So, in theory the attackers could decode your Living Social password -- in which case, the first thing you should do is change your password. Not on Living Social, since it sounds like they did this for you, but on ANY other websites where you use that same password.
While you're taking care of your Internet housekeeping, you may as well up the ass-pain factor a bit and make sure your passwords follow security best practices: they should be randomly generated by a password manager, be at least 11 characters long, and include numbers, letters, and symbols if possible. They should also (SUCKILY) be unique to each site.
Changing your password is a must-do in the case of your account being hacked, but it's no guarantee you won't experience more negative fallout. If you're a Living Social customer, the attackers had access to your name, your email address, and your birth date. Identity theft is a possibility, so you should pay special attention to your email and bank accounts in the days to come. If you see something weird, report it -- after all, it's better to be safe than sorry.
Were you affected by the Living Social hack?