nd.gov - The Official Portal for North Dakota State Government
North Dakota: Legendary. Follow the trail of legends

Information About the LivingSocial Breach

On Friday, April 26th, LivingSocial, a major Internet daily deal site experienced a security breach that compromised personal data for more than 50 million customers.

LivingSocial reports that along with the names, birth dates, and email addresses of some of the site's users, the intruders also accessed those users' passwords. The passwords could be used to access user accounts on LivingSocial. LivingSocial indicates that no credit card data was breached.

In the days and months ahead, it is anticipated that spammers and cyber criminals will attempt to exploit the trusted relationships customers may have with LivingSocial. The MS-ISAC reminds users to be wary of incoming emails that ask for account updates from LivingSocial, as they may be phishing scams. Please note that LivingSocial will never ask you directly for personal or account information in an email. If you receive an email purporting to be from LivingSocial, end users should go directly to the LivingSocial website -- and login -- before making any changes to your account. Please disregard any emails claiming to be from LivingSocial that request such information or direct you to a different website that asks for such information. (Source: https://www.livingsocial.com/createpassword)

What can I do to be safe?
This exposure of emails and customer names may lead to a wave of phishing attacks. Phishing is a vehicle to obtain your personal data, such as credit card numbers, passwords, account data, or other information. The scam attempts to entice email recipients into clicking on a link that takes them to a bogus website. This website may then prompt the recipient to provide personal information such as social security number, bank account number or credit card number, and/or it may download malicious software onto the recipient's computer. Both the link and website may appear authentic, however they are not legitimate. Legitimate businesses should never ask for personal or financial information via an email that is sent to you.

While targeted phishing attacks are likely to increase as a result of this breach, it is important that users are always vigilant for phishing attacks and understand how to recognize a phishing attempt and what users can do to protect yourself and minimize the likelihood of getting phished. The tips below will help you stay safe.

How Can I Avoid Becoming a Victim?

  • Be cautious about all communications you receive including those purported to be from LivingSocial or any businesses that advertise on the LivingSocial service and be careful when clicking links contained within those messages.
  • Do not respond to any unsolicited (spam) incoming e-mails.
  • Do not open any attachments contained in suspicious emails.
  • Do not respond to an email requesting personal information or that ask you to "verify your information" or to "confirm your user-id and password"
  • Beware emails that reference any consequences should you not "verify your information".
  • Do not enter personal information in a pop-up screen. Providing such information may compromise your identity and increase the odds of identity theft.
  • If it appears to be a phishing communication, do not respond. Delete it. You can also forward it to the Federal Trade Commission at spam@uce.gov.

For More Information:


What Our Customers Are Saying

The ITD service desk people are always so friendly and helpful! I really appreciate that.

Dept. of Human Services
August 3, 2015