tech:

taffy

LivingSocial Hack Compromises 50M Users

LivingSocialDaily deals site LivingSocial may have exposed customer data for some 50 million users, when it experienced a cyber-attack on its computer systems.

The breach resulted in unauthorized access to names, email addresses, date of birth (for some users), and passwords. The database that stored customer credit card information was not affected, nor was the Facebook data for LivingSocial users using Facebook Connect.

LivingSocial says it is working with law enforcement, and forensic security teams, to investigate the incident and to improve its security systems. As far as online passwords go, the company says its passwords were ‘hashed’ (hashing uses an algorithm to convert the password into a different string)   and ‘salted’ (salted means these passwords likely have additional random text added, as an additional layer of security).

The attack,  reported by Kara Swisher of AllThingsD, and based on an internal email sent out by the company’s CEO Tim O’Shaughnessy, carries a confirmation from a LivingSocial PR spokesperson, saying that 50 million users were indeed affected. According to a notice posted on the LivingSocial website, ‘some customer data from our servers’ were compromised. 

How did the company manage to get 50 million of its users compromised at one go? Were all LivingSocial users compromised? LivingSocial says it has 70 million members worldwide, so presumably, not. 

LivingSocial passwords were hashed with SHA1 using a random 40 byte salt. Passwords entered by customers were changed into a data string, creating a unique data fingerprint, using a security algorithm (that’s the ‘hash’). The company further added random information to the passwords (the salting part). Following the attack, LivingSocial says it is has switched its hashing algorithm from SHA1 to bcrypt. 

LivingSocial joins Twitter, LinkedIn, and Evernote, among others, in a list of companies that were breached recently.

[Image courtesy: LivingSocial]

Just in

Apple sued in a landmark iPhone monopoly lawsuit — CNN

The US Justice Department and more than a dozen states filed a blockbuster antitrust lawsuit against Apple on Thursday, accusing the giant company of illegally monopolizing the smartphone market, writes Brian Fung, Hannah Rabinowitz and Evan Perez.

Google is bringing satellite messaging to Android 15 — The Verge

Google’s second developer preview for Android 15 has arrived, bringing long-awaited support for satellite connectivity alongside several improvements to contactless payments, multi-language recognition, volume consistency, and interaction with PDFs via apps, writes Jess Weatherbed. 

Reddit CEO Steve Huffman is paid more than the heads of Meta, Pinterest, and Snap — combined — QZ

Reddit co-founder and CEO Steve Huffman has been blasted by Redditors and in media reports over his recently-revealed, super-sized pay package of $193 million in 2023, writes Laura Bratton. 

British AI pioneer Mustafa Suleyman joins Microsoft — BBC

Microsoft has announced British Artificial Intelligence pioneer Mustafa Suleyman will lead its newly-formed division, Microsoft AI, according to the BBC report. 

UnitedHealth Group has paid more than $2 billion to providers following cyberattack — CNBC

UnitedHealth Group said Monday that it’s paid out more than $2 billion to help health-care providers who have been affected by the cyberattack on subsidiary Change Healthcare, writes Ashley Capoot.