[Owasp-board] LivingSocial

Tom Brennan tomb at owasp.org
Sat Apr 27 00:22:51 UTC 2013


Yes, they were hacked, like many others every day. Your jihad is ridiculous, Jim. It's not a Weev troll, rather a FACT.

You're all spun up about this?



Or was it something else? Let's be clear.



Begin forwarded message:

> From: Erica Absetz <erica at riskbasedsecurity.com>
> Date: April 26, 2013, 6:29:44 PM EDT
> To: <dataloss-discuss at datalossdb.org>, <dataloss at datalossdb.org>
> Subject: [Dataloss] Cyberattackers hack into LivingSocial, 50 million customers impacted
> 
> http://www.usatoday.com/story/news/nation/2013/04/26/liviing-social-hacked-passwords-amazon/2116485/
> 
> LivingSocial, the daily deals site owned in part by Amazon, has
> suffered a massive cyberattack on its computer systems, according to
> officials at the company.
> 
> The breach has impacted 50 million customers of the Washington,
> D.C.-based company, who will now be required to reset their passwords.
> All of LivingSocial's countries across the world appear to have been
> affected, except in Thailand, Korea, Indonesia and the Philippines.
> 
> The firm began sending emails to customers Friday afternoon telling
> them they would have to change their site passwords.
> 
> "We recently experienced a cyber-attack on our computer systems that
> resulted in unauthorized access to some customer data from our
> servers. We are actively working with law enforcement to investigate
> this issue," LivingSocial CEO Tim O'Shaughnessy said in an email.
> 
> The memo said that customer credit card information was not stolen —
> it was stored in a separate database. And while the hacker stole
> customer passwords, they were encrypted and "salted," or scrambled.
> 
> "Although your LivingSocial password would be difficult to decode, we
> want to take every precaution to ensure that your account is secure,
> so we are expiring your old password and requesting that you create a
> new one," O'Shaughnessy said.
> 
> The company advised consumers who used their LivingSocial password at
> other sites to change their password at those sites, also.
> 
> The firm expects its customer service phone lines to be deluged, so
> O'Shaughnessy warned that he may decide to temporarily suspend
> telephone customer service relations.
> 
> "Because we anticipate a high call volume and may not be able to
> answer or return all calls in a responsible fashion, we are likely to
> temporarily suspend consumer phone-based servicing. We will be
> devoting all available resources to our Web-based servicing," he said.


On Apr 26, 2013, at 8:00 PM, Jim Manico <jim.manico at owasp.org> wrote:

> Sarah,
> 
> I trust your good intentions and I think the problem was from @AppSecUSA and not from @OWASP.
> 
> I think we should have someone more responsible running the @AppSecUSA. This is a major error in judgement and it's not the first time.
> 
> I also changed the password to @OWASP and shut down all connections to third party apps. I'll get the password to you very soon.
> 
> Aloha,
> Jim
> 
> 
>> Jim and all - this particular RT (not original from appsecusa) is my
>> fault and was trying to do something quick (retweeting something else)
>> and not thinking. I will send an apology to living social.
>> 
>> Regards,
>> 
>> Sarah
>> 
>> On Apr 26, 2013, at 7:37 PM, Jim Manico <jim.manico at owasp.org> wrote:
>> 
>>> LivingSocial just got hacked and the @AppSecUSA Twitter account just called them out on social media. And the @owasp account retweeted it (not from me).
>>> 
>>> This is absolutely and positively unacceptable from official OWASP accounts. LivingSocial is an OWASP sponsor and provides the OWASP Northern Virginia chapter with a physical location for chapter meetings. And even if they were not sponsors, OWASP should never be trying to call out or shame folks who get hacked. It's trashy at best.
>>> 
>>> Who runs this account and what were you thinking? Or more like, you were not thinking. Why would OWASP ever officially try to call someone out after they were hacked?
>>> 
>>> I'm fairly sure this was Tom Brennan. Can we please have someone more sensible and responsible managing official OWASP communication? This is not the first time...
>>> 
>>> Regards,
>>> Jim Manico
>>> OWASP Board Member
>>> 
>>> 
>>> 
>>> -------- Original Message --------
>>> Subject: ??
>>> Date: Fri, 26 Apr 2013 18:36:35 -0400
>>> From: Jack Mannino <jack at nvisiumsecurity.com>
>>> To: Jim Manico <jim.manico at owasp.org>
>>> 
>>> Wtf is this shit? They generously give my chapter an awesome space to use every month, and Mike McCabe (promoted to Ken's job after he came to work for me) serves on the NoVa chapter board with me. I have no clue who posted that, but that's a good way to get a solid sponsor to say fuck you to us.
>>> 
>>> -Jack
>>> 
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
> 