![\"living](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/04\/05113758\/lsocial_title.jpg\")
<\/a><\/p>\nThe good news is that, according to LivingSocial, user passwords<\/a> were hashed and salted. In other words, the passwords were stored in an encrypted format that would make it very difficult \u2013 although not impossible \u2013 for the attackers to make sense of the password data they accessed. The company also claims that attackers did not breach a separate database on which they store customer credit card and other payment information.<\/p>\n Again, hashed passwords* are hard, but not impossible, to break. If you have an account on LivingSocial, then you should follow this link<\/a> immediately and change your password over there. More importantly, if you used the same password for another site or sites, then you are going to want to go and change those passwords<\/a> as well.<\/p>\n It\u2019s almost getting to the point where attackers have to compromise payment information or find plain-text (unencrypted) passwords or something else humiliating on a hacked server for anyone to care. Consumers, the organizations that should be better protecting customer-data, and even some security professionals are all increasingly desensitized to these sorts of breaches<\/a>. It didn\u2019t used to be like this. At first, no one talked about data-breaches at all, then it got harder to sweep breaches under the rug, and companies had to come clean about them. Now we realize just how commonplace data breaches are and it\u2019s very difficult to sustain the rage in the face of near-daily breaches.<\/p>\n Realize this though, because we all read about spear-phishing. In fact, we may read about spear phishing and phishing and water-holing and other social engineering attacks as often as we read about data breaches. Social engineering attacks in general<\/a> rely on the attacker coming to possess a certain level knowledge about their targets. Where exactly do you think social engineers find email addresses for phishing attacks<\/a>? How do they figure out the interests of their potential targets so they can launch successful watering-hole attacks? Why are these hackers so good at guessing passwords and password reset questions?<\/p>\n<\/p>\n