Hackers target 480,000 deal-site users
Published 07/05/2013 | 05:00
NEARLY half a million Irish customers of deals site LivingSocial have had personal details accessed by hackers.
The Data Protection Commissioner (DPC) has urged customers to change their passwords on other applications if they're the same as the one used on LivingSocial to prevent the risk of further cyber attacks.
It said this was especially important on email accounts and should be done as soon as possible, as customers' email addresses had been accessed in the hacking attack. "I can advise that the security breach experienced by LivingSocial was reported to our office late on Friday evening, April 26, 2013. It was reported that there are approximately 480,000 Irish customers affected," a DPC spokesperson told the Irish Independent.
The DPC said it had raised questions with LivingSocial about how the security breach happened and was still awaiting a response.
LivingSocial said that it had contacted more than 50 million customers worldwide, including Ireland, whose data may have been accessed in the security breach.
Hackers had got unauthorised access to databases containing details of customers' names, email addresses, date of birth and encrypted passwords.
However, the database containing customers' credit-card details had not been accessed, it said.
Asked if the gardai had been notified, LivingSocial said it could not give details of which authorities it was working with while the investigation was under way, but would be more transparent when it had more information.
"We are working with internal and external forensic security teams to investigate the nature of the incident and to further improve our security systems, and we are working with the relevant authorities to investigate this incident," it said.
Asked if there had been any problems reported as a result of the compromised data, LivingSocial said that as credit-card information was not affected it did not believe any customer accounts had been compromised, but it was investigating all concerns.
"We are enhancing our monitoring of accounts for any unusual activity on an ongoing basis just to be sure, and have seen no evidence of unauthorised activity," it said.
The customer passwords were encrypted and were never stored as plain text, but as a precaution it was expiring customers' old passwords and asking them to create a new one that would then be encrypted using a different code.
LivingSocial said customers should also consider changing their passwords on other sites if they were the same or similar to the one used on its website in order to protect their data. It also warned customers to disregard any email they received asking them directly for personal or account information as LivingSocial would always direct customers onto its own website for this.
Deals websites that offer customers substantial discounts on selected products and services are big business, with Irish consumers splashing out €53m on 1.6m deals last year.
LivingSocial is one of the biggest such companies operating in Ireland, with other major deals sites including Groupon, Pigsback and Grabone.