LivingSocial's customer database has been hacked, impacting the website's 50 million customers. The firm began sending emails to customers Friday afternoon telling them they would have to change their site passwords.
"We recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue," LivingSocial CEO Tim O'Shaughnessy said in an email to employees that was provided to NBC News by a company spokesman.
The memo said that customer credit card information was not stolen — it was stored in a separate database. And while the hacker stole customer passwords, they were encrypted and "salted," or scrambled.
In the memo, O'Shaughnessy included the text of the customer email. "Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one," read the email.
The company advised consumers who used their LivingSocial password at other sites to change the password at those sites, also.
The firm expects its customer service phone lines to be deluged, so O'Shaughnessy warned that he may decide to temporarily suspend telephone customer service. "We will be devoting all available resources to our Web-based servicing," he added.
O'Shaughnessy's message to employees concluded:
I apologize for the formality of this note, which the circumstances demand. We need to do the right thing for our customers who place their trust in us, and that is why we’re taking the steps described and going above and beyond what’s required. We’ll all need to work incredibly hard over the coming days and weeks to validate that faith and trust.
When Zappos.com had a similar incident last year impacting its 24 million customers, it also turned off customer service telephone lines temporarily.
The LivingSocial attack is among the largest ever, doubling the size of that Zappos attack, but still smaller than several other high-profile hacks, such as the 2011 attack on Sony's Playstation network, which impacted nearly 100 million users. Because the LivingSocial attack doesn't involve financial information, it doesn't rank among the most significant hacks, however.
Amazon is a part-owner of LivingSocial. A LivingSocial representative confirmed that Amazon accounts were not affected by the breach.