Categories: Hacking, Security

LivingSocial data breach exposed 50M customer records

The LivingSocial data breach exposed 50 million customer records; the shocking news has been circulating on the Internet since last Friday.

News of the LivingSocial data breach is circulating on the Internet, an incident that menaces the privacy of millions of users and rekindles the debate on the level of security provided by major service companies that handle the personal data of millions of users.

LivingSocial is one of the largest daily-deals companies, second only to Groupon Inc., and is part-owned by Amazon.com Inc. Last Friday it was hit by a cyber attack that may have affected more than 50 million customers. The attackers gained access to the company servers and to customer data including names, email addresses, “encrypted” passwords and some users’ dates of birth.

The news was provided by an internal memo emailed to employees and obtained by AllThingsD; the memo confirmed the LivingSocial data breach and stated that neither customer credit card information nor merchant banking information was compromised.

The company promptly sent an email to its customers recommending that affected customers create new passwords, following the message sent via email by Chief Executive Tim O’Shaughnessy:

“We recently experienced a cyber attack on our computer systems that resulted in unauthorized access to some customer data from our servers,”

“We are actively working with law enforcement to investigate this issue.”

The Imperva Security Blog published an interesting post on the LivingSocial data breach trying to understand what happened; considering the enormous amount of data taken, it is likely that the attackers exploited a vulnerability using a web SQL injection attack or a framework-based attack.

Imperva experts elaborated two hypotheses on the LivingSocial data breach:

The SQL Injection attack hypothesis

Based on the data structure that LivingSocial announced it holds, it is very likely that the attackers used a SQL injection attack.
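To make the SQL injection hypothesis concrete, here is an added example (not code from the article, from Imperva or from LivingSocial) in Ruby, the language of the Rails stack the post mentions. It contrasts a hypothetical lookup that builds SQL text by string interpolation with one that keeps a fixed statement template and passes the value as a bound parameter, and it measures the difference structurally: an input containing a quote changes the number of string literals and predicates in the interpolated statement, while the parameterized template is byte-for-byte identical for any input. The `build_query_*` and `valid_email?` helpers and the email pattern are constructed for this example.

```ruby
# Added example, not from the original article: string-built SQL versus a
# parameterized query, with a structural check a defender can reason about.

# Hypothetical unsafe lookup: the caller's input becomes part of the SQL text,
# so a quote in the input can terminate the literal and alter the WHERE clause.
def build_query_unsafe(email)
  "SELECT id, email FROM users WHERE email = '#{email}'"
end

# Hypothetical safe lookup: the statement is a fixed template and the value is
# a bound parameter, sent to the database separately from the SQL text
# (the same shape as ActiveRecord's `where("email = ?", email)`).
def build_query_safe(email)
  { sql: "SELECT id, email FROM users WHERE email = ?", params: [email] }
end

# Number of single-quoted string literals in a statement. For a correctly
# parameterized query this never depends on user input.
def literal_count(sql)
  sql.scan(/'(?:[^']|'')*'/).size
end

# Number of AND/OR keywords that sit outside string literals, i.e. the number
# of extra predicates an input has managed to introduce into the query.
def predicate_count(sql)
  outside = sql.gsub(/'(?:[^']|'')*'/, "''") # blank out literal bodies
  outside.scan(/\b(?:AND|OR)\b/i).size
end

# Defense in depth: a deliberately strict, constructed email pattern applied
# before any query is built. Validation is a complement to parameterization,
# not a replacement for it.
EMAIL_RE = /\A[\w.+-]+@[\w-]+(\.[\w-]+)+\z/

def valid_email?(s)
  s.is_a?(String) && s.length <= 254 && !(s =~ EMAIL_RE).nil?
end

# Compare the two query builders on a benign input and on an input carrying a
# quote, returning the structural measurements for each.
def compare(benign, hostile)
  {
    unsafe_literals:   [literal_count(build_query_unsafe(benign)),
                        literal_count(build_query_unsafe(hostile))],
    unsafe_predicates: [predicate_count(build_query_unsafe(benign)),
                        predicate_count(build_query_unsafe(hostile))],
    safe_template_same: build_query_safe(benign)[:sql] == build_query_safe(hostile)[:sql],
    hostile_rejected:   !valid_email?(hostile)
  }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: one real-looking address, one with an embedded quote.
  p compare("alice@example.com", "x' OR '1'='1")
end
```

The point of counting literals and predicates is that it gives a mechanical way to see what "SQL injection" means: the hostile input turns one predicate into two in the interpolated statement, whereas the parameterized statement's text does not change at all, because the input never becomes SQL. In a Rails application the hardened form corresponds to `where(email: email)` or `where("email = ?", email)`; the unsafe form corresponds to passing an interpolated string to `where` or to `find_by_sql`.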

The framework based attack hypothesis

Attackers may have exploited a vulnerability in the Ruby on Rails technology used by LivingSocial in its applications and application servers. Various Ruby vulnerabilities enable a remote attacker to gain control over an exposed server and execute arbitrary code to compromise the target. In this case LivingSocial may not have patched its software.

Whatever the cause of such a serious data breach, it is fundamental that the company acts to protect its customers and ensure the continuity of its activities.

Once again, the media impact of such incidents can have a serious effect on the victims, who are guilty of underestimating the importance of cyber security.

Pierluigi Paganini

(Security Affairs – Data Breach)

Pierluigi Paganini

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and the Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years' experience in the field and a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US. Pierluigi is a member of the "The Hacker News" team and a writer for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. He is the author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
