Tuesday, April 30, 2013

LivingSocial is Hacked - 50 Million Users Have Passwords Stolen

Security is an incredible cat & mouse game.  Weaknesses are discovered and then blocked.  Then new weaknesses are discovered… and they are blocked, and then the cycle starts again.
It's a difficult mission, securing a website.  It's almost like trying to prove a negative.  Despite your best efforts, a vulnerability is often not known until it is exploited, and by then of course it's too late.
As we turn more & more to the Internet for our everyday lives, we're going to be putting more and more trust in the architecture of sites to keep us secure.  And that can be a very dicey thing indeed.
The problem, of course, is that the bad guys know this too, and they are very interested in getting as much info as possible to pilfer as much as possible.  We've seen several large databases compromised lately, and now comes word of the latest hack, at the website LivingSocial.
It seems that over 50 million users are now being asked to reset their passwords after a security breach that allowed hackers to get names, dates of birth, encrypted passwords, and email addresses.  The company has stated that the database that stored credit card info was not part of this and that merchants' financial and banking info was also not affected.
Users who were part of the hack should be receiving info from LivingSocial on what to do next.
The sad part is that this is not the last one of these we will see.  Smarter minds than mine need to figure out a way to eliminate the need for passwords altogether.  It's become increasingly obvious that anything stored in a database is fair game...

