According to LivingSocial, they were hacked a couple of weeks ago. Let me repeat that: a site that sells deals to consumers, all kinds of deals from different merchants to different types of customers, was hacked. You can shop for clothes, vacations, haircuts, activities, just about anything. And they were hacked! I sent out a tweet the following day, asking if anyone wondered why they were hacked.
Yes, they have credit data, but so does just about every other site. And nowadays, credit card data is usually sealed up pretty well. If a company gets hacked and loses credit card data, you need to stop shopping there. They really don’t have their stuff together. Protecting PCI data is one of the top security control policies and is often used as a template for other security controls.
What hackers get out of LivingSocial is so much more. Hackers get email addresses and information about you: what you purchase, what you look for in culture, where you live. Hackers can know if your accounts are linked with other accounts like Facebook or Foursquare, etc. They find out about you, and finding out about you is better than getting your credit card data. Finding out about you means getting around all those other controls that banks and companies put into place. Finding out about you is giving them the keys to your life.
Credit card companies have insurance policies in place for when your numbers get stolen. Hacking is so much more. Hacking is making you a pawn in their game. Using you to get into your company to steal vital information. Using you to get to your friend who might have vital information. You are just one entity in a bigger circle of hacking life. The more you let others know about you through your online identity (including your email), the weaker you become. Knowing an email address and getting into your email account is basically letting someone read your diary.
Security is changing and people are not changing with it. People need to understand that this is an ever-changing cycle of security, and what we talked about years ago regarding what to protect isn’t necessarily what we are talking about now. Hacking is growing, anti-virus is growing, but we are not growing with it. We need to understand the new risk and make the changes with it.