LivingSocial website hacked
LivingSocial, the online deals service, says it's being assisted by law enforcement after its website was hacked late last week.
The D.C.-based company says the personal data of more than 50 million customers may have been affected.
"Maybe it's time for me get out if they're having these security issues," said LivingSocial customer Dave Wilkinson, who lives in the district.
LivingSocial informed it's customers about the hacking via email Friday.
The company says customers' names, email information, dates of birth and passwords may have been compromised but credit card information, which is stored in a separate database, was not.
Customers are being asked to reset their passwords and disregard emails claiming to be from LivingSocial that request personal or account information.
"The security of your information is our priority," LivingSocial CEO Tim O'Shaughnessy wrote. "We always strive to ensure the security of our customer information, and we are redoubling efforts to prevent any issues in the future."
"It's better that they said 'we've been breached'," said cyber security expert Raphael Mudge of Strategic Cyber.
"They're on top of their game, looking for that, versus some hacker posting the information on a website, and everybody scrambling for a day, trying to figure out what happened."
At the Blind Dog Cafe, a popular cyber hangout in Northwest, several LivingSocial customers say they weren't overly surpised by the attack.
"There are very talented hackers who could do that to anyone," said Ann Millspaugh of D.C.
It has not been an easy year for LivingSocial, which has 600 employees in the nation's capital.
Last Nov., the company laid off 400 employees, about 10 percent of its 4,000 member worldwide workforce.
Published reports say LivingSocial posted a $50 million loss in the first quarter of 2013.
Despite these problems, a LivingSocial spokeswoman says the firm is committed to staying in the district.
"...LivingSocial was born in Washington, it is one of our most important markets," wrote Elizabeth Hebda in an email to ABC7.
"...It is our current and future home for our headquarters. We plan to stay, grow, and succeed with the District," she added.
Mudge said he uses his hacking skills to find security weaknesses in corporate clients' websites.
He says people should be cautious about using similar passwords on multiple sites.
"That's how I'd get into systems. I'd get ahold of one credential, try it everywhere I could, and that would leverage me access to other assets," he says.
"I try to diversify my passwords as much as possible, keep them in a document," added D.C. resident Rosie Stone. "I can create more complicated passwords. If one of my sites is hacked, it's less likely that all of them will be hacked."
LivingSocial isn't giving specifics on how the hacking occurred. A spokeswoman says the company is taking actions to protect its systems, is monitoring for unauthorized activity, and is taking steps to protect against future attacks.
Millspaugh said users need to take responsibility for their own web security.
"I think what's more important is that individuals start realizing what information they're putting on line, and how it exposes them," she added.