LivingSocial Hacked — More Than 50 Million Customer Names, Emails, Birthdates and Encrypted Passwords Accessed (Internal Memo)
Update: Double-WOW. Their breach notice is already up on the California Attorney General’s web site. According to their submission to the state, the breach occurred on April 5 and was discovered on April 12. Original post follows:
Wow. AllThingsD.com is reporting:
LivingSocial, the daily deals site owned in part by Amazon, has suffered a massive cyber-attack on its computer systems, which an email — just sent to employees and obtained by AllThingsD.com — said resulted in “unauthorized access to some customer data from our servers.”
The breach has impacted 50 million customers of the Washington, D.C.-based company, who will now be required to reset their passwords. All of LivingSocial’s countries across the world appear to have been affected, except in Thailand, Malaysia, Indonesia and the Philippines, as LivingSocial units Ticketmonster and Ensogo there were on separate systems.
One positive note in a not-so-positive situation: The email sent to employees and customers noted that neither customer credit card nor merchant financial information was accessed in the cyberattack.
Read more on AllThingsD.com, where they’ve posted the text of the internal message and provide additional details.