Do you use the discount site LivingSocial? If so, your email and password could now be a little more “social” than you wanted thanks to a new data breach that occurred on April 26.
A data breach has punctured LivingSocial and resulted in the exposure of the personal information of at least 50 million users. The leaked information includes names, birthdays and email addresses – very useful pieces of data if you’re an identity thief trying to figure out a way to get into someone’s profile or make a profit selling that same information. But what makes this attack even more devastating is that hackers were also able to get hold of the stored passwords. Even though those passwords were protected through processes called hashing and salting, it likely will not take hackers long to figure out the original passwords.
LivingSocial sent an email to its affected “LivingSocialites” shortly after the data breach, informing them of the damage done and providing a direct URL to use for changing passwords. The company also reassured customers that payment information did not appear to have been compromised. Even so, this is a hugely significant event for anyone concerned about the often fragile state of data security.
Patching up the tear: a data breach recovery crash course
So, what can you do when you get a message like that in your inbox? The basic rule is to minimize the chance that the thieves will be able to use any of the information they’ve absconded with by doing the following:
- Immediately log in directly to the site and change both your password and username.
- Change your username and password on all other accounts that share the same data, such as your bank’s online login or your Facebook profile. Research shows that 65 percent of us use the same password for different applications! (And hackers know that – guess what they’re going to go after?!)
- Be on the lookout for scam emails that appear to be from LivingSocial and want you to click on a link. Don’t click on any links that ask you to reset your password. Visit the URL directly instead.
- In general, be careful of what you click on. If in doubt, delete it out.
Leaving your accounts vulnerable after a data breach isn’t a risk worth taking. Proper measures are required anytime a situation like this occurs to make sure your assets don’t plummet to the ground and take your bottom line with them.
John Sileo is a data security expert and keynote speaker. His clients have included the Department of Defense, Visa, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.