Each year, the number of cyberattacks that result in data breaches grows higher. Recently, the daily deals site LivingSocial suffered a massive cyberattack that resulted in a data breach impacting 50 million customers. The company is requiring all users to reset their passwords in case they have been compromised. LivingSocial said that customer credit card information was not stolen because it was stored in a separate database, adding that although customer passwords were taken, they were encrypted and scrambled, so might not be useable.
“Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one,” LivingSocial CEO Tim O’Shaughnessy said in an email.
How does this impact customers?
Although the company said customers shouldn’t be concerned about the broader implications of this breach, some IT analysts pointed out that the hackers still made off with personal information about customers, like addresses, emails, birth dates and other data. After it’s decrypted, it could be used for nefarious purposes, like trying to steal someone’s identity. Customers that use the same password across multiple sites could also experience a user trying to hack into their other accounts.
Another concern is that the hacker could use the email address and name from an account to send out a phishing attack. Cyberthieves could send an email that appears to be legitimate and from a real company and trick users into submitting passwords, financial data or other confidential information.
“[They could] send out millions of emails saying they’re LivingSocial, and get users to change their passwords,” said one security researcher. “The biggest risk to people is clicking a link in an email.”
Cybersecurity best practices
This incident underlines the importance of being cautious about where confidential information is stored. Any data that is entered onto a public computer should be erased entirely so that it is not usable or accessible to others. Some software can erase information stored on public computers in business settings, schools, libraries or other facilities.
It’s also critical that users follow best practices when it comes to internet safety, checking that emails are from legitimate sources and using strong passwords that vary across different sites. As these kinds of breaches become more common, only smart and proactive behavior will help individuals remain ahead of these kinds of problems.
What are other ways that users can protect themselves from cyberattacks and these kinds of issues? Please share your thoughts below.