LivingSocial Hacked — More Than 50 Million Customer Names, Emails, Birthdates and Encrypted Passwords Accessed (Internal Memo)

LivingSocial, the daily deals site owned in part by Amazon, has suffered a massive cyber attack on its computer systems, which an email from CEO Tim O’Shaughnessy — just sent to employees and obtained by AllThingsD.com — said resulted in “unauthorized access to some customer data from our servers.”

The hack includes customer names, emails, birthdates and encrypted passwords.

The breach has impacted 50 million customers of the Washington, D.C.-based company, who will now be required to reset their passwords. All of LivingSocial’s countries across the world appear to have been affected, except in Thailand, Korea, Indonesia and the Philippines, as LivingSocial units Ticketmonster and Ensogo there were on separate systems.

One positive note in a not-so-positive situation: The email sent to employees and customers noted that neither customer credit card nor merchant financial information was accessed in the cyber attack.

This is the latest big data breach in the consumer Internet space, which has seen troublesome incursions into some high-profile companies recently, including Zappos, LinkedIn and Evernote.

When asked for comment on the email, a LivingSocial PR spokesman confirmed the attack and that 50 million customers were impacted.

The attack comes at a tough time for the company, since it has been trying to turn itself around after a downturn across the daily deals landspace. LivingSocial got a large cash infusion recently from investors to help staunch its losses. Amazon owns 29 percent of the company.

More to come, but here’s the email sent to employees, including one that will be sent to customers soon:

Re: Security Incident LivingSocialites — This e-mail is important, so please read it to the end. We recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue. The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords — technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text. Two things you should know: 1. * The database that stores customer credit card information was not affected or accessed. 2. * The database that stores merchants’ financial and banking information was not affected or accessed. The security of our customer and merchant information is our priority. We always strive to ensure the security of our customer information, and we are redoubling efforts to prevent any issues in the future. To ensure our customers and merchants are fully informed and protected, we are notifying those who may have been impacted via email explaining what happened, expiring their passwords, and requesting that they create new passwords. A copy of the note is included below this email. If you have any questions or concerns, please visit Pulse –https://pulse.livingsocial.com/intranet/Home/more_updates.html — for a list of frequently asked questions. If you have additional questions that aren’t answered in the FAQs, please submit them via email to XXX@livingsocial.com. Because we anticipate a high call volume and may not be able to answer or return all calls in a responsible fashion, we are likely to temporarily suspend consumer phone-based servicing. We will be devoting all available resources to our web-based servicing. I apologize for the formality of this note, which the circumstances demand. We need to do the right thing for our customers who place their trust in us, and that is why we’re taking the steps described and going above and beyond what’s required. We’ll all need to work incredibly hard over the coming days and weeks to validate that faith and trust. — Tim