It is being reported that LivingSocial has had a substantial data breach affecting 50 million customers. The known scope of the data compromised at this time includes names, email address, birth dates and encrypted passwords (whew!).
In an email to employees management made it clear that no credit card information was compromised. Although LivingSocial says the passwords were hashed (SHA1 using a random 40 byte salt.), they are requesting out of an abundance of caution that users reset their password , given that the algorithm although not easy to decode, is not impossible to decode. On the same page LivingSocial warn users of the dangers of phishing attacks, another risk factor with the breach.
LivingSocial states they are still working with law enforcement as well as “internal and external forensic security teams” to investigate the issue, which indicates it may be premature to consider the security event over.
No word yet on any LivingSocial group deals on identity theft protection. Zing!