By Alistair Barr
SAN FRANCISCO, April 26 LivingSocial, the
second-largest daily deal company behind Groupon Inc,
said on Friday it was hit by a cyber attack that may have
affected more than 50 million customers.
The company said the attack on its computer systems resulted
in unauthorized access to customer data, including names, email
addresses, date of birth for some users and "encrypted"
LivingSocial stressed customer credit card and merchants'
financial and banking information were not affected or
accessed. It also does not store passwords in plain text.
"We are actively working with law enforcement to investigate
this issue," the company, part-owned by Amazon.com Inc,
wrote in an email to employees.
LivingSocial does not disclose how many customers it has.
However, spokesman Andrew Weinstein said "a substantial portion"
of the company's customer base was affected. LivingSocial is
also contacting customers who closed accounts, because it still
has their information stored in databases, he added.
The attack hit customers in the United States, Canada, the
U.K., Ireland, Australia, New Zealand, Malaysia, Southern Europe
and Latin America. Customers in South Korea, Indonesia,
Philippines and Thailand were not affected, Weinstein said.
"In light of recent successful widespread attacks against
major social networking sites, it's obvious that these providers
are simply not doing enough to protect their customers'
information," said George Tubin, senior security strategist at
Trusteer, a computer security company.
The attack comes as LivingSocial struggles to handle a
decline in consumer and merchant demand for daily deals. The
company raised $110 million from investors, including Amazon
earlier this year, but was forced to make large concessions to
get the new money.
Amazon invested $56 million in LivingSocial in the first
quarter, according to a regulatory filing on Friday, which also
revealed the company had a first-quarter operating loss of $44
million on revenue of $135 million.
LivingSocial said on Friday it was beginning to contact more
than 50 million customers whose data may have been affected by
the cyber attack.
LivingSocial told customers in an email that they should log
on to LivingSocial.com to create a new password for their
"We also encourage you, for your own personal data security,
to consider changing password(s) on any other sites on which you
use the same or similar password(s)," LivingSocial Chief
Executive Tim O'Shaughnessy wrote in the email.
"We are sorry this incident occurred."
All Things D reported the cyber attack earlier on Friday.