Users Bewared Suspected Phishing Email Attacks, Living Social Site Hacked
Security experts are urging Living Social website users to be careful of phishing emails sent out by unscrupulous third parties in the response of a latest online attack on its system that has lead in the data of 50 million of the website's users being infected , published itpro.co.uk on April 29, 2013.
The website provides control over money-saving coupons for offers at local restaurant, spas, and shops.
Seeking forgiveness from subscribers of the website, Living Social CEO, Tim O' Shaughnessy, said: "Living Social recently faced an online attack on our systems that end-resulted in unofficial access to some consumer information from our servers. We in coordination of law enforcement are examining this issue," according to the news by nakedsecurity.sophos.com on April 27, 2013.
"The details controlled contain names, email addresses, the DOBs of customers, and encrypted password; technically 'hashed'. Password is never stored by us in plain text, he added.
At the moment, little is called regarding the identity of the hackers, but security software vendor Imperva says an SQL injection or a botched software update could be responsible for the attack.
Barry Steinman, Senior Security Strategist at Imperva, said that the disclosed information recommend an SQL injection attack was used to manage database information," reported by itpro.co.uk on April 29, 2013.
"Unluckily, the SQL injection vector claims as most common and least handled security problems out there," he wrote.
Living Social is reaching out to one and all except those customers who reside in Thailand, Indonesia, Philippines and Korea. A Spokesman for the company described those details for any person in one of those nations is saved on a different, untapped web server, so they were not affected by this attack.
In the consequences of cyberattacks like these, cyber crooks often try to use phishing to get even more details. Living Social confirms to its subscribers that it will never inquire for more information in an email. Thus, in case you see an email inquiring for anything that's too personal, presume that's it's fraudulent and therefore don't reply. If you're worried about your account's safety, go straight to the Bank's website and check it from there.
Related article: Users Making Opening Online Accounts To Identify Thefts
» SPAMfighter News - 02-05-2013