วันศุกร์ที่ 26 เมษายน พ.ศ. 2556
The Daily deals website LivingSocial is the latest database
target of hackers, who have compromised the personal information of more than
50 million users.
AllThingsD obtained the internal LivingSocial e-mails, the
unidentified culprits seem to have made off with the names, e-mails, dates of
birth, and encrypted passwords of what appears to be the spacious majority of
LivingSocial customers.
The Washington D.C-based site owned in part by Amazon, claims
that it has around 70 million users worldwide but the the company’s divisions
which are in the Phillipines, Indonesia, South Korea, and Thailand remain
unaffected since they are hosted on different servers.
Robert Hansen, director of Product Management and Technical
Evangelist at WhiteHat Security said if it is important to consider its scale
to put this breach in perspective. He revealed, "If there are approximately a billion people
on the Internet, this hack single-handedly represents about half a percent of
all Internet users. This could be catastrophic, not for the accounts and credit
cards that are stolen directly, but also because of password reuse of all of
those millions of users. They should be changing their passwords immediately”.
The LivingSocial CEO, Tim O’Shaunessy wrote an
e-mail in which he stated, “We recently experienced a cyberattack on our
computer systems that resulted in unauthorized access to some customer data
from our servers. We are actively working with law enforcement to investigate
this issue”. He also advised to LivingSocial customers to create a new password.
The daily deals website has subsequently reset its users’ passwords though it
is not celar enough if all of the customers’ passwords were reset or just
people who were hacked.
In
this case, there’s still one saving bounty of the hack. It is that the merchant
and customer financial data that includes credit card number seems to have
avoided the hackers’ grip. Chris
Wysopal, an information security expert at Veracode, said in a phone
conversation with CNET’s crew, "The fact that the credit card information is
stored separately is good, and I'm glad that they did that”.
When
being confirmed, LivingSocial declined to comment on the questions of the type
of attacks were used to get the database and how long the attacks occur. The
LivingSocial spokesperson claimed if they do not discuss about timing or
details regarding to the attack due to the ongoing investigation.
According to Wysopal, when given the type of data stolen, he
stated, “It's likely that the attacks used a Web app
to get at the site's SQL databases. If it was a Web application, testing
should've been better”. “That's one of the frustrations out here in the
professional security world. If we knew what the root causes were of these
hacks, it would be easier to help companies improve their security", he
added.
