LivingSocial security breach sparks phishing email fears

Attack on money-saving coupon site prompts speculation from IT security community.

Money off

Security experts are warning LivingSocial users to be wary of phishing emails sent out by unscrupulous third parties in the wake of a recent attack on its systems.

The site gives users access to money-saving online coupons for discounts at local restaurants, spas, and shops, for example.

The hack is thought to have resulted in the data of 50 million of the site's users being compromised, with names, addresses, birth dates, email details , and passwords among the data reported to have been unlawfully accessed.

In an apologetic email to users, LivingSocial CEO, Tim O'Shaughnessy, wrote last week: "LivingSocial recently experienced a cyber-attack on our computer systems that resulted in unauthorised access to some customer data from our servers.

 "We are actively working with law enforcement to investigate this issue," he added.

We are actively working with law enforcement to investigate this issue.

At the moment, little is known about the identity of the hackers, but security software vendor Imperva claims an SQL injection or a botched software update could be to blame for the attack.

Barry Shteiman, senior security strategist at Imperva, wrote in a blog post that the leaked information suggests an SQL injection attack was used to access database information.

"Unfortunately, the SQL injection vector remans one of the most common and least handled security problems out there," he wrote.

Meanwhile, data security firm Check Point is encouraging LivingSocial users to change their passwords as quickly as possible to prevent further information about them being leaked.

"They should be cautious about clicking on links in emails they receive purporting to be from LivingSocial," said Terry Greer-King, managing director at Check Point.

"There's a real risk that the stolen email addresses will be used to send phishing emails to users, to try and harvest more data such as credit card details."

He also warned users to be on their guard, claiming online threats like this are on the rise.

"In 2012, businesses globally were reporting an average of nearly 70 attempted security attacks on their networks every week. For the attackers, this is just a numbers game," he added.

Featured Resources

Virtual desktops and apps for dummies

An easy guide to virtual desktop infrastructure, end-user computing, and more

Download now

The total economic impact of optimising and managing your hybrid multi-cloud

Cost savings and business benefits of accelerating the cloud journey

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

What’s next for the education sector?

A new learning experience

Download now

Recommended

Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
Colonial Pipeline reportedly paid $5 million ransom
Security

Colonial Pipeline reportedly paid $5 million ransom

13 May 2021
Apple's AirTag tracker has already been hacked
hacking

Apple's AirTag tracker has already been hacked

10 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021