LivingSocial is undertaking a massive cleanup since it said Friday that its consumer records had been compromised.
The attack on the company’s systems revealed the names, e-mail addresses, encrypted passwords and birth dates of more than 50 million of its users worldwide.
The company has notified users affected by the attack and is asking them to change their passwords by heading to the site and signing in. Once affected users have signed in, they’re prompted to change their passwords. Users can then click that link and are sent an e-mail with a link that will let them reset their passwords.
The company is also putting a banner at the top of all of its pages to inform users they should change their passwords.
Some LivingSocial users have reported that they aren’t receiving their password reset e-mails because the messages are getting caught in spam filters. The e-mails should come within minutes of users clicking on the link; be very suspicious of any other e-mails claiming to be from LivingSocial that aren’t triggered by this action.
LivingSocial spokesman Andrew Weinstein said that the company hasn’t heard about an unusual spike of mail getting snagged before making it to users inboxes but that the firm is working to alert every user about the breach.
So far, he said, the process, while unfortunate, has “gone fairly smoothly” and that there haven’t been any major problems as users rush to change their passwords.
Users should also change passwords and credentials for any accounts that share their old Living Social username and password. But they should also be on the lookout for an increase in spam e-mails related to the hack. As always, immediately delete any e-mail that asks you to “verify” your username or password by entering it, and carefully check that the Web sites embedded in e-mail links take you to the right place before you enter any information.
And, as always, be very careful about opening any e-mail that sets off warning bells in your head. When in doubt, hit the delete key.
(LivingSocial chief executive Tim O’Shaughnessy is the son-in-law of Donald E. Graham, Washington Post Co. chairman and chief executive.)